Is PCI A Fool’s Game?
The challenge with PCI certification is simply that it is reactive instead of proactive. Virtually every rule set is written in response to some previous bad act, which creates the ultimate false sense of security. The problem is this: when you mandate that millions of merchants worldwide spend billions of dollars to become "compliant", by the time they finally reach what the industry deems "safe", the rule sets are already outdated.
I am not saying that the industry isn't trying, not in the least. Certainly there is some value in the altruistic goal of safeguarding the personal data of a billion cardholders, but at what price? Too often we penalize the end merchant when in fact the average merchant isn't the target; it's the Fortune 500 companies that account for the cases of security breaches. So then the question becomes: why? Could it be called a public relations game? Possibly. Ultimately the value comes down to this: what better way to safeguard the Visa and MasterCard (NYSE: MA) brand names than to say "We care."
Whether it is the futile efforts of Verified by Visa or contactless cards, no industry-mandated solution has ever been anything more than fools' gold. As countless industry solutions come into play, only to milk the average merchant out of his hard-earned cash, the end merchant finds himself spending ever more of his earnings and revenue to keep up with whatever is today's hot new internet scam, only to be able to say "but we tried."
I don't speak without experience here; I have personally helped many merchants become compliant, from a Level 1 processor to a Level 4, these same merchants having once believed that a sticker claiming "Hacker Safe" is the way to go. With every level of compliance, I can certainly say there is some value in the end result, but the reality is that with hundreds, nay, thousands, of rule sets, the one thing the end hacker will do is find the one flaw, and that's the human factor. The truth is, until the industry faces the fact that there is no true compliance mandate that it can ever enact to limit merchant-level and consumer-level liability, the reality will be that no PCI type will ever mean more than millions more dollars spent on service providers that promise the ultimate false sense of security.

Comment by talljoe on 27 January 2008:
You would think that such large companies would be proactive in fixing the system. It is sad that all their doings are, as said, reactive. So, tomorrow we will see the new updates after another fall-through of some sort.
Comment by nygirl on 27 January 2008:
It is virtually impossible to foresee every loophole, every hacker's backdoor. We can only hope that we are on the winning end and are able to counter them more times than not.
Comment by Retailer on 29 January 2008:
I think the more we talk about crackers the better. I think hackers are being hired by such companies to seal those holes. I am just wondering how much they spend on that compared to their marketing and promotion.
Comment by sagar456 on 5 February 2008:
^ ^ ^ Couldn't agree more; yes, the companies spend thousands of dollars on those hackers to verify all the loopholes.