[ISN] PCI: A Brand, Not a Security Standard

From: InfoSec News <alerts_at_private>
Date: Mon, 11 May 2009 01:16:41 -0500 (CDT)
http://attrition.org/security/rants/pci/heartland01.html

PCI: A Brand, Not a Security Standard
Fri May 8 21:09:02 EDT 2009
security curmudgeon

I am so fed up with this entire ordeal. As a customer who was twice 
affected by Heartland's security breach (two different cards through two 
institutions were re-issued because of the breach), I am disgusted with 
Visa and Heartland. PCI and its cheerleaders make me angry.

Visa is a PCI fan because it transfers risk to their customers, and 
removes liability from Visa. It's in their best interest to maintain the 
integrity of PCI at any cost, even when that cost is violating their own 
integrity. How can anyone sit back and groan about this ordeal without 
getting mad? Visa, PCI and Heartland are as bad as Enron, as bad as the 
Wall Street thugs who tanked the economy, and are nothing more than 
wealthy criminals.

I have asked Visa to comment on specific aspects of this. Attrition has 
had calls in to Heartland to comment on points of confusion and 
question.

We sit here, unsatisfied, without answers and wondering why either can 
stay in a position of financial power.

[...]

http://attrition.org/security/rants/pci/heartland01.html


Received on Sun May 10 2009 - 23:16:41 PDT
