Last week sandwich restaurant chain Jimmy John's said a hacker accessed payment systems at 216 of its stores and stole credit and debit card data. The chain is the latest victim in a series of security breaches among retailers including Target, Michaels Stores, Neiman Marcus, eBay, and last week’s Security Hot Seat member: Home Depot.
The constant flow of breaches raises a series of larger questions about PCI-DSS, the industry standard designed to help prevent these breaches. Is something inherently missing in this regulation? Is it even worth focusing on PCI compliance?
There has been much written on the topic and even Gartner's security experts debate the regulation’s merits. Gartner security and risk analyst Anton Chuvakin (author of PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance) says PCI is a good starting point while fellow Gartner fraud expert Avivah Litan believes the security standard has largely been a failure.
So what do you think? What side of the debate are you on - is PCI serving its purpose as a starting point for security or has PCI failed?