AmEx writes to customers after Anonymous dumps card data


American Express is writing to around 75,000 Californian customers to warn them that their card data has been posted online by Anonymous Ukraine.

In March the Ukrainian arm of the Anonymous collective posted details from around seven million Visa, MasterCard, AmEx and Discover cards online in protest at the US and its banking system.

While the fraud threat is considered minimal, AmEx has now moved to warn affected customers. As picked up by CSO, the firm has written to the California Attorney General's Office about its decision.

AmEx is writing to 58,522 Californians whose names and corresponding account numbers were involved, as well as another 18,086 whose card information was published but not their names.

Says the letter being sent out: "We were recently made aware that your American Express Card information was recovered during an investigation by law enforcement and/or American Express.

"At this time, we believe the recovered data may include your American Express Card account number, the card expiration date, the date your card became effective and the four digit code printed on the front of your card."

The company stresses that social security numbers were not taken and that no fraud has been detected on the affected cards but says that it has put extra monitoring procedures in place.

Comments: (5)

A Finextra member 03 June, 2014, 16:57

What's the point of PCI if such breaches still happen?..

A Finextra member 03 June, 2014, 17:36

Agreed, though they were probably PCI compliant at the time.

Could they fine themselves? ;0)

A Finextra member 03 June, 2014, 20:06

Why bother to write comments like these?   Regardless of some of the questionable approaches to PCI taken by the card brands, what is the point of attributing any weight to PCI for a story like this?   There is no information here that would indicate Anonymous obtained this information because PCI is not what it should be.

Are you saying that the existence of a standard should automatically banish all hacking, fraud, social engineering, and insider data theft?   There are many valid ways to achieve data theft that are beyond the scope of what PCI attempts to address or well within the parameters of what PCI does address (e.g. a person with valid credentials and responsibilities committing criminal acts). 

The sixth largest breach of all time happened earlier this year in South Korea.  Over 100 million payment card records exposed via  a criminal act by a person within a credit bureau.  

If you could "fix" or eliminate PCI, how would it change things? Assume you are making this point from an assumed superior position that consists of a "better idea". How does your better idea make things better - beyond the point of getting someone through a transit terminal without having their data stolen? We can all agree on the benefits of hardware encryption. . . but what everything else?

 . . . or maybe people just make comments like this because they really don't understand what PCI is and what it isn't???

A Finextra member 03 June, 2014, 20:28 (1 like)

One of the PCI's objectives is to ensure that cardholder/sensitive data is safeguarded. Clearly, that doesn't (always) work. Some of the solutions available in 2014 - tokenisation or 2FA. When there is nothing to steal, there is nothing to protect. Simples! You don't need thousands of pages that vaguely describe stuff nobody can comprehend (and, hence, act upon). Look at mobile telecom - their fraud rate is almost nonexistent without any PCI. Remove PCI, let banks and merchants get hit with tangible fraud, and they WILL take appropriate measures. PayPal is a good example of that.

A Finextra member 04 June, 2014, 01:09

Biggest data breaches.  Can anyone point me to the best place to understand what the largest breaches of the last 10 years have been.  Is anyone tracking this data centrally? All part of the continuing journey to educate senior bank executives who grew up in a pre-cyber security world of the need to invest more...
