Friday, March 28, 2008

PCI Safe Harbor? In Your Dreams, Breach Boy

Evan Schuman writes on StorefrontBacktalk:

PCI compliance shouldn't—and, in my opinion, likely won't—provide this absolute legal protection being touted. The intent was always that if a retailer could establish that they insistently did everything they could have done—and should have done—properly in terms of data protection, that they would then have their liability severely limited. That makes sense.

But to project that on a once-a-year declaration of compliance from one assessor based on fragmentary examination of a single point-in-time—working with an imperfect list of interpretable guidelines—is little more than ludicrous.

More here.
