Contributor I

Compliance dropping for PCI-DSS, and an interesting quote

Came across this article, and while the compliance dropping didn't surprise me, there was one quote that I think is gold for those working in the field, and trying to make the argument for resources, etc.

 

“Our data shows that we have never investigated a payment card security data breach for a PCI DSS-compliant organisation. Compliance works.”

 

https://www.computerweekly.com/news/252473828/PCI-DSS-payment-security-compliance-drops-again

 

5 Replies
Contributor III

Re: Compliance dropping for PCI-DSS, and an interesting quote

And DSS v4.0 is just around the corner. So currently compliant organisations may become non-compliant all over again. New version means more vendors clamouring to offer point solutions, bigger fees for QSA companies, etc. And yet so many organisations haven't got basic security hygiene right yet.

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Contributor II

Re: Compliance dropping for PCI-DSS, and an interesting quote


@Steve-Wilme wrote:

And DSS v4.0 is just around the corner. So currently compliant organisations may become non-compliant all over again. New version means more vendors clamouring to offer point solutions, bigger fees for QSA companies, etc. And yet so many organisations haven't got basic security hygiene right yet.

And what I have heard is v4 will be very different from 3.x, which will add to all this.

 

 

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, GSLC, GSTRT, ISSA Fellow
Newcomer II

Re: Compliance dropping for PCI-DSS, and an interesting quote

PCI DSS v4.0 is at least a year away, and is expected to change quite a bit from the draft currently being reviewed by stakeholders under NDA.

Jim Scardelis, CISA, CISSP, PCI 3DS, PCIP, CIPP/US, CIPP/C, CIPP/E, CIPT, MCSE

Any views or opinions contained in this communication are solely those of the author, and do not necessarily represent those of any organizations or entities the author may be associated with.
Community Champion

Re: Compliance dropping for PCI-DSS, and an interesting quote

What is PCI DSS without compliance? Many of the banks indicate to their lower tiers that they must demonstrate their adherence to the controls and improvements. But the banks themselves, in many cases, do not uphold the same level of compliance or simply ignore it. It appears that, as long as the banks themselves do not fall foul of a security breach, they are exonerated. Well, it appears that way in New Zealand from my perspective. Or will Open Banking be a new chapter or a new dawn?

 

Regards

 

Caute_cautim

Contributor III

Re: Compliance dropping for PCI-DSS, and an interesting quote

v4.0 is out in draft.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS