Changing credit card security rules
According to news.com.com, an update to the Payment Card Industry (PCI) standard will be out this summer.
The proposed update includes a requirement to scan payment software for vulnerabilities by mid-2008.
…Today, the requirement is to make all information unreadable wherever it is stored… But this encryption requirement is causing so much trouble for merchants that credit card companies are having trouble dealing with requests for alternative measures.
…In response, changes to PCI will let companies replace encryption with other types of security technology, such as additional firewalls and access controls.
OK, so how many system break-ins, thefts of customer data, and exposures of personally identifying information must there be before the industry can get serious about data protection measures? Who could possibly think this was a good idea?
