AOH :: IS2095.HTM

A Brand, Not a Security Standard




PCI: A Brand, Not a Security Standard
PCI: A Brand, Not a Security Standard



http://attrition.org/security/rants/pci/heartland01.html 

PCI: A Brand, Not a Security Standard
Fri May 8 21:09:02 EDT 2009
security curmudgeon

I am so fed up with this entire ordeal. As a customer who was twice 
affected by Heartland's security breach (two different cards through two 
institutions were re-issued because of the breach), I am disgusted with 
Visa and Heartland. PCI and its cheerleaders make me angry.

Visa is a PCI fan because it transfers risk to their customers, and 
removes liability from Visa. It's in their best interest to maintain the 
integrity of PCI at any cost, even when that cost is violating their own 
integrity. How can anyone sit back and groan about this ordeal without 
getting mad? Visa, PCI and Heartland are as bad as Enron, as bad as the 
Wall Street thugs who tanked the economy, and are nothing more than 
wealthy criminals.

I have asked Visa to comment on specific aspects of this. Attrition has 
had calls in to Heartland to comment on points of confusion and 
question.

We sit here, unsatisifed, without answers and wondering why either can 
stay in a position of financial power.

[...]

http://attrition.org/security/rants/pci/heartland01.html 


--
LayerOne 2009, Information Security for the discerning professional. 
May 23-24 2009 @ The Anaheim Marriott in Anaheim, California 
Visit http://layerone.info for more information 



Site design & layout copyright © 1986-2014 CodeGods