Experts concerned over PCI rule relaxation
By Rene Millman
As PCI requirements come into effect at the end of this month, experts have expressed concerns that some organisations will rush through changes in order to make deadlines.
The two main companies behind the Payment Card Industry Data Security Standard (PCI DSS) initiative, Visa and Mastercard, have relaxed the rules so that smaller retailers only have to deal first with securing customer data on their systems by the end of this month, rather than complying with every part of the new regulations. The PCI DSS is a set of requirements for enhancing payment account data security.
But there are worries that the regulations are too onerous for companies and that short cuts will be made in trying to meet the deadline.
"When dealing with information as sensitive as credit card details, it is absolutely crucial that everything possible is done to ensure the complete protection of this data," said Jacob West, Security Research Group manager at IT security company Fortify Software.
He said that given the rush for businesses to comply with the PCI standard, particularly the requirement to maintain secure systems and applications, he was concerned that some organisations won't do as thorough a job as they should.
"To achieve meaningful compliance with PCI, organisations have to design, build, test, and deploy their credit card systems with security in mind from the very beginning," said West.
West said that the PCI standard would be more effective and that more companies would pass the PCI audit the first time if it outlined specific steps necessary to implement a secure development lifecycle.
"Rather than alluding to industry best practices, we would like to see PCI mandate specific activities, such as architectural risk assessment, static source code analysis during development, security testing with specific measures of breadth and depth, and application-aware security defences applied to deployed applications," said West.





