written by John P. Mello, Jr.
Standards can be a way to get organizations to do things you want them to do, but oftentimes they don’t get them to do much more.
The writers of payment-card standards appear to have been acutely aware of that phenomenon when the PCI Security Standards Council previewed their new PCI DSS 3.0 standard earlier this month.
“The existing PCI standard focuses clients on specific elements that are to be secured at a point in time — when the auditor is there — to get a PCI signoff for another year,” Philip Lieberman, CEO of Lieberman Software, told TechNewsWorld. “For most merchants, the existing PCI standard is a one-time pain per year where things are cleaned up, and the bad security practices return almost immediately after the auditor leaves.”