Episode #205 of the Network Security Podcast has an interview with Bob Russo, General Manager of the Payment Card Industry (PCI) standards council. In case you’re not familiar with PCI, this is from Wikipedia: the “standard was created to help payment card industry organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise.” The standard is tiered by how many credit card transactions your organization processes: the more transactions you process monthly, the more controls you must implement. We mostly avoid PCI at work by using a punch-out solution, where we send customers to a PayPal clone for payment, so we never store or transmit any credit card data ourselves.
There’s a new PCI standard being released in the fall. The big change is moving to a three-year life cycle versus the two-year cycle that has been followed to date. This will give organizations an extra year to implement any changes in the standard. It is also a positive indication that the standard has matured to the point where it is effective at reducing data breaches. Let’s keep our fingers crossed that there is not another TJX or Heartland breach occurring as I type this…