Contributor I

Compliance dropping for PCI-DSS, and an interesting quote

Came across this article, and while the compliance dropping didn't surprise me, there was one quote that I think is gold for those working in the field, and trying to make the argument for resources, etc.

“Our data shows that we have never investigated a payment card security data breach for a PCI DSS-compliant organisation. Compliance works.”


https://www.computerweekly.com/news/252473828/PCI-DSS-payment-security-compliance-drops-again


5 Replies
Advocate I

Re: Compliance dropping for PCI-DSS, and an interesting quote

And DSS v4.0 is just around the corner. So currently compliant organisations may become non-compliant all over again. New version means more vendors clamouring to offer point solutions, bigger fees for QSA companies etc. And yet so many organisations haven't got basic security hygiene right yet.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Contributor III

Re: Compliance dropping for PCI-DSS, and an interesting quote


@Steve-Wilme wrote:

And DSS v4.0 is just around the corner. So currently compliant organisations may become non-compliant all over again. New version means more vendors clamouring to offer point solutions, bigger fees for QSA companies etc. And yet so many organisations haven't got basic security hygiene right yet.

And what I have heard is v4 will be very different from 3.x, which will add to all this.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, GSLC, GSTRT, ISSA Fellow
Newcomer III

Re: Compliance dropping for PCI-DSS, and an interesting quote

PCI DSS v4.0 is at least a year away, and is expected to change quite a bit from the draft currently being reviewed by stakeholders under NDA.

Jim Scardelis, CISA, CISSP, PA-QSA(P2PE), PCI 3DS Assessor, PCI SSA, PCI SSLCA, PCIP, CIPP/US, CIPP/C, CIPP/E, CIPT, MCSE
Any views or opinions contained in this communication are solely those of the author.
Community Champion

Re: Compliance dropping for PCI-DSS, and an interesting quote

What is PCI DSS without compliance? Many of the banks indicate to their lower tiers that they must demonstrate their adherence to the controls and improvements. But the banks themselves, in many cases, do not uphold the same level of compliance, or simply ignore it. It appears that, as long as the banks themselves do not fall foul of a security breach, they are exonerated. Well, it appears that way in New Zealand from my perspective. Or will Open Banking be a new chapter or a new dawn?

Regards

Caute_cautim

Advocate I

Re: Compliance dropping for PCI-DSS, and an interesting quote

v4.0 is out in draft.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS