The Security Hot Seat: PCI Security Standard



As the number of card breaches hits new records, the industry standard created to prevent these breaches finds itself in the Hot Seat.

Last week sandwich restaurant chain Jimmy John's said a hacker accessed payment systems at 216 of its stores and stole credit and debit card data. The chain is the latest victim in a series of security breaches among retailers including Target, Michaels Stores, Neiman Marcus, eBay, and last week’s Security Hot Seat member: Home Depot.

The constant flow of breaches begs a series of larger questions about PCI-DSS, the industry standard designed to help prevent these breaches. Is something inherently missing in this regulation? Is it even worth focusing on PCI compliance?

There has been much written on the topic and even Gartner's security experts debate the regulation’s merits. Gartner security and risk analyst Anton Chuvakin (author of PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance) says PCI is a good starting point while fellow Gartner fraud expert Avivah Litan believes the security standard has largely been a failure.

So what do you think? What side of the debate are you on - is PCI serving its purpose as a starting point for security or has PCI failed?

Brian Mullins

Brian Mullins is vice president of product marketing at Digital Guardian. His team is responsible for strategic marketing at the product line level. Brian has over seven years of security executive experience in both data protection and identity and access management. He is a patent holder and winner of a Business Week International Design Excellence Award.
