Came across this article, and while the compliance drop didn't surprise me, there was one quote that I think is gold for those working in the field and trying to make the argument for resources, etc.
“Our data shows that we have never investigated a payment card security data breach for a PCI DSS-compliant organisation. Compliance works.”
https://www.computerweekly.com/news/252473828/PCI-DSS-payment-security-compliance-drops-again
And DSS v4.0 is just around the corner. So currently compliant organisations may become non-compliant all over again. A new version means more vendors clamouring to offer point solutions, bigger fees for QSA companies, etc. And yet so many organisations haven't got basic security hygiene right yet.
@Steve-Wilme wrote: And DSS v4.0 is just around the corner. So currently compliant organisations may become non-compliant all over again. A new version means more vendors clamouring to offer point solutions, bigger fees for QSA companies, etc. And yet so many organisations haven't got basic security hygiene right yet.
And what I have heard is that v4 will be very different from 3.x, which will add to all this.
PCI DSS v4.0 is at least a year away, and is expected to change quite a bit from the draft currently being reviewed by stakeholders under NDA.
What is PCI DSS without compliance? Many of the banks indicate to their lower tiers that they must demonstrate their adherence to the controls and improvements. But the banks themselves, in many cases, do not uphold the same level of compliance, or simply ignore it. It appears that as long as the banks themselves do not fall foul of a security breach, they are exonerated. Well, it appears that way in New Zealand from my perspective. Or will Open Banking be a new chapter or a new dawn?
Regards
Caute_cautim
v4.0 is out in draft.