
An article relating to this blog post on Finextra:

PCI security standards in the dock

A legal challenge to the payment card industry's PCI security standards is brewing in the US, as a Utah-based restaurant chain cries foul over the apparently "arbitrary" nature of the system and the l...


PCI is not onerous - it's too weak

Despite all the bleating about PCI over the years, I found it to be too weak.

With all the focus on Cardholder Data - as being that on the Mag Stripe - namely Card Number, Cardholder Name, Expiry Date and Security Code - I found many Merchants & Service Providers treated it as a 'max' rather than 'min' level of security.

I performed due diligence on places where lots of other personal data, such as Mother's Maiden Name, Cardholder Address, Phone Number, e-mail address, Date of Birth, Passport Number, Gender, Religion, etc., was never encrypted, simply because PCI itself didn't tell them to do so.



Keith Appleyard

IT Consultant
