|
|
|
Shedding Light on PCI Compliance
By: Dan Berthiaume
2008-03-24
Article Rating:  / 6
There are 2 user comments on this Enterprise Applications story.
Shedding Light on PCI Compliance (
Page 1 of 2 ) The Hannaford Bros. breach shows once again that consumers deserve to know which retailers are in line with Payment Card Industry standards.One of the most pressing questions in the wake of the Hannaford Bros. credit card data breach is whether the supermarket chain was in compliance with the Payment Card Industry Data Security Standard, a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
If the retailer was PCI-compliant (Payment Card Industry-compliant), that holds potential implications for the effectiveness of PCI. If Hannaford was not PCI-compliant, then consumers whose data was exposed will rightly wonder why the protocols were not followed.
A class-action suit filed March 19 on behalf of affected consumers by law firm Berger & Montague makes the answer to questions about Hannaford's PCI compliance even more critical.
However, there is one catch to ascertaining the status of Hannaford's PCI compliance at the time of the breach. There is no central body that certifies, tracks or reports retailers' PCI compliance efforts.
PCI is the panacea for everything but security. Click here to read more.
The PCI Security Standards Councila global forum founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa Internationalsets standards, but does not certify or enforce them. And the major credit card companies, who rely on reports from acquiring banks to determine who is following PCI protocols, do not make that information public.
Something is amiss here. Consumer concerns over the security measures (or lack thereof) protecting their sensitive personal information have never been higher. It appears that having some type of public certification for PCI-compliant retailers would go a long way toward easing some of those legitimate concerns and would benefit the retailers and credit card companies involved.
To some extent, this may be a classic situation where a need exists but there is no obvious candidate to fill it. The PCI Security Standards Council lacks the resources to serve as a true enforcement body. The retail industry, already overloaded with an endless variety of councils and forums that manage a plethora of standards, is likely not anxious to create a new standards organization. The credit card companies have already made the effort to create the PCI Security Standards Council, and the less said about asking the government to step in, the better.
|
|
�������xr80�VӮc�]mT![rYST婎PP$$M�{%Ο�� 7]hɗ%�L �D"λ$i9�rsݙk��j֢w.�?���Yf8m�TE[\ߤ~�Am;t� =4mMFNHB��}@~sfw��D%x�_'Щ�ѩ&wɔZiКل�ؕ>}~qbw�.hqLIlG5t�uK�%H�xu)t�(DIږyH6�GǮ�J;�ߣ*#7�ݙx8/DeO��d^b{�Ay<��5��;^��;�0k��BQ5w0NK
<[8 #5nCU�VekF֠}l�u�y!l�
�1#osݿ!HݤNoޤ@d`jId:@:",��#63!p�55\ap�)zXY6tG-#H�1PN$}+AbArxưciH��|6XB�?¼�'�@�>x uȭB ¿{k�߀#ݸ1�ܷL[b�6�Z ۄ@ظz00!�%�DhOǍ�@uhs�2n�
eþ9Je_+aV+Cxxg9{�ؖ3p*s�_gJU4E?_tO/�$�(֝�h
m+iu]+i0�^w2 �ϝwy@ΰ�{A~�$Fj;�}�&UJD�Z-�gi&
0h!5�ttA�X{t\獒AwnFe_�P+).C#-b|+0#ƌ_8r�
s1\]^u�2��]u;'>ߙecfy�3�?T�r�Jw3F~��V�'kEw''+|�w
_ܹOlDM��Wh6w0Nկz�6O{uH�54Y�01\�
\^Kj=2OeLCxY�$Y.�r{&:���C���j�ݖE�B_*D�\�KŗG)LY4C�� ! ,�2ɌS�Hu��t:��9AcE>oU:_T7oh�2��f4 �mp���a4F�ALu�&�h�)5?�&Fb.L22z)=mZW/��(AK/�
ڊ�5|*(if)[�/3�A.r)i"�� 6=aB+^뻹(4l=�.k\G�֛esJ�֖t]�;5Eя1-+�}י4O:N/{��~:��xD18�,]evb`\�77�Zu?1�Ra�^TU���G��&-d`q86acJݤc}nE=0�
t3ϼC|>55F㤞F!|Бd��mxq�Z.S+ԍE��Xn`��ha�Ni1[W <ۋJ�pI�x�Z3�x�&ztH۠h&r�kIO�7.[A0?�� [
O`p\�&[�xk�=�`Dy+wMGH�b1L{��TM`�@#AX�]7$>�(�@�+�9=P�lmVl}d`1 >5�%ޣ�N\IQ��m�2)%%E2��� 4.gH)AH �=[h���� ]��99z����|?#!bRN[
'9Rt{B#̝CRMfJ9cb -d[b�}I�lΌ�eV&vφaZLbo��7�]�,�Sl3-M�us֪%6��ʋzhB&Syjm��S#�U^?)h�X�L9}�p��p�]?��n;N)%}&�^93�[��->քMG3�wD�&� f+Lo�L�hQ�ĸG63ˀ)4+�9pPwg�>`|�=
0Xհݹ2r|��I4�5+8dp; �y_�ܼ?
b>ȝ 8#��_gM������Y�1�Q)OzBaexʸ**$,T4��pt�j�KwCݼ~h��"é;hqNNSНB#D9z�Q=/OJb-yhֽ(Uv/:A']�օV�P+=o�@x#� X{K/,è+A*K�_ji�
�l�siŰ,Bm6|�G�9̆騤~zCuC�[�MܟXTM.?`
}dҶ<:+�5mZ/}sf8�,� �J;
H璉IJ5*/�XSZ3YCٰZQJ!M 6�D�ȸau-`b��S�]Wѹq@8CLs˙@�0π6uT8F_-O#BM��&De�
8TU���G�/zy@٘i�nE+Jc�\�COКy]֙;lRzz|p݉M% �WА�ap���"}����j90�h3}��!T0�|*Wԫ5H`m�S@Ak�SU�
ӄ.E^q~�VW��K
aE�"'1ڧ>s!�a*/7+�)Z|�;O�z^*k 9ɡUUR;,Z
8;z%^A�Aq̻8
�k� 9tc~y09M׃�Zfe�Y:�57A_!��^R`w%�UXY81f�-��1?0kE
��/ÊTU5
ܧ+i
fR9!}�l�dA;X�~\W4Uud�¹�`���Qе�a�⢉!h;+����4khý235R˥U;OPd�[Ђwk-ۦ
�`"�j�Uv�~ie��(����~~Kˣ��
G{icf�
Ma�fFž�nJm^RK{m7xE0�s-��fdaDF4Dw�bC�-�ͬR<ܷ�VuPB�&�75ϣJ!�p]'8��o~��Qjy6UG�3>�Ⱦ� N,(CR#C[J��r)zĀ�gE@�?�uU*)_0Ld��T~�#\�3fb|g]b+:9�Se>c'ß~}R�Sc\o e�l[GpOH7n�"]Ǥ|e�2-tn1�c%[´xO-�� �v�uxՂrO��'(3߹rf>ja;9Qo@H�ms1�0� ZH[AOIG�ߋ~ǍpkSǭNT%:@"�c�].g�}]~o̼QX�CG�VUeH4ỵV3C
e
4v=.EZЋg2|���>�/��i�)ՁGEXqk\U�C=,
=X畔Z=4¢lz�
z�|ɛIc#&�a\ix���Z2j_�JZVzϢ
C.z풖X��2B�0qܻB3ڟ5^@�M|CZOTK0uhnzGSYIzQ\L #n/�$h ހ�!1M�u(@=6{]M;k]!�L�~u$M<+1p]v3M�>ց�h
03RlȪ�+> 2.izIRϢsG&:Lpz�]�'Qd:)nQ==յћ[^Hh#
&w}C��A
|$U˚V�*j�ȹe#g��D!)Wje�>eѓe�O.��lWJ_�0]H���X9�H(P+ Y�G۷BlpH75
��SXp|
ޠ[PH�X�XD�>QkfR{e"��nxR*�gF�ccb~f.^+o�S�P�[�/I6�\S�0:;bd}g]Itu=8= %C.�I{�0q�q^;.���3!9t?���{gq O4
}U^;: C��z.RÏ-Fø@o9��P �K �CE1>bt߫]=-co/[vtaF:'(BZ@�iDWzA\9o]}^/~�zW!9^tt�xޥx\MC�R?!hSHN*:�f�3hmƛ&%��c�kC2�xidL�ik��-�,һjw8`LBX5c-ͅHgBS�fa�Eu0e�Rxy~�nU��2kq� ��
I�ku:;<��
�� c@JA=�Vohwg/i�{k
D
����bT10_RF�MQ�=#�ijvwL�"G)��_(([ҷoDW蘧Y;D_q-5s��z<~��\1Z9n~&=Br�^'18�Ϻ}hp)��I�"2c�]Z�ims�z}@iR'D[3pu*dKhwlj9l0��`&(�9-rq�]4_toX�GQ$.�snt�wÝԎ+^@(NEVp2k�x/��_Y.t0o��C�:9]cΓd�tWcL �塺1%��?kg@�Ǣ�)�n�
��A] ��j�8G�q,\[愆�㻞X�a�*0q)y��H-@V �FP�=oqw>p]9Qz AC~kM}\007~{vv6�bO0�7+�'ivݷ;s¾"CWq��k:�+`*
94�Dh�H�^ݍ X"2�NIJa'>�}8z�d�M�#}9��Jf�y��Ӽ4hɘAx�l�7B_7n�C]�pb]s!T �?7?~eҰ+w=
=z�w.+R!EkE��wWSU+�TOWgڢ�&E�%:�m֗Fݽ]vV5BĬxBw2h덧lw̷�kL��>dOc@/ulvk)輳��2�/�
[a[#�؞qa��L�px�2F�euw#�S�'gSc3/HF#xk��O(6-lF�@|P����;a6
*|�b1�\<�e�) W_M7⎍zkQ�$g�|o(o&xk5�)
kN7&/6o)�.��i{\nEa�>'xQx7e\ڊ�]�aKn~�Vv/w�,�Viug�.Gjc}6�VBO+�ʻ0й�ܠ���j/�C��Hۥ�a{DwP�ߧ,)ot(t ;j|i"
y��Vѓer�E�!|,Me6TU)@G(:��1�8n,��=
ט�#B�S�vgI'Z#�s!�G%?;ۊ5-fx9NjbOb\0*\;n0=r-L,WxRTrtIt+NF.U%!�),ԡ�̾q*JVH�Ɋ&��#Bz3'F�nrN,%NNNO2 C,c3 [�M<ʝI
]CF@mC�x9$/a2P�)kjp5r�_��7-�o g0Bٳ͈�O� /x�ڈبW$LId�x�밭f@U��C#Y?K�K6gƚ>�G#ҙ��|ZNp�[cuǍJY��;~ށ�� ��K"@��p���QL![Fd4%Wd&��ܴ-�B|wo�$um8[�hOg�V0Nyt;@k@�E���6vYX�<Ѩ�V "[�M��"TRר)6㰦H+P~-�8/CٖU0Kױ;�3:$Q�qw�w�w�w�w@WV~�:WvФ�z_�Yc\Uv���!H<'S[n�h# Qp@I�48 �"R2g��J�}m3ɔг(|&
L{->8��ȥ;�KS+��� �,��.�mL��/l�/Zij.�s�,K߽E:Zhcr( �FC\}m3֍!�H�D@B�
Vv�j>
y��-rytj~;q;PƟ-z��OMKhH�=�v/b˧?^J�Hې*/cI%0F>�W�=2.(+zPLb?[QzN�oc(6��&`K݁�ԣ�5Q�CbR-
uq<�bum'3<�Iqnn\uC.-;I��-0O4sQ!o��b7R88Y@�A,o}��̒Ѥ#H#ywwww,z[sHF�|C� �F�fӾ
��~@x1!V�[Y �Zl}67'�ȗp wm/k�z�Ʉ�k>7-A+�J,(4W?}�].Ov� ��?oz!���ʷ*w98Fǩ�]b�*A +b��M$UQn/GwBMϓ*�k$"h.>NѰ�|as�1)WO]��u�E�02� ���C\ӣ
+(WŨtk˝�È�ݙ䈣
oU0Bn-Fu%Y�=x��:3Sw]�;,c�o;u`
?y>=��k{�-�xd�%?�ޙ&=r-ReJ37�=�SOB["�)+_��]/Wse`6���M$UpP!Niyf5�c�NmMcy6.Zx�M_
o��&`B�l�j�V����8YT#y��>[�1+tҥt]oJY*VC}_?��m6`� :6ꇠdehh֒�_fX)j%M"q0M?+��+⌉fae�Or�%s �eH5�p��D
D��St��pM{F�sZ���g|-^=/Em/`M�!Z�p6P]?�z�Uc�b~g�-twn�w#GxqsR$4cT�"&|z`|K�\� ړv�̝G0Tr^`}LäwTXCg�2fQ�&ˇtxZڊ�RB�{�~#νq(_4���r�|{\�כ�9�qH.�j�S(W�ϙ])<�� ^a�᷍��klѳ܉�ˑ60ډ�J J�ݫ9�?2RmF�έ+�1/7W3�l1P�c;�+�Z`3+nsl+ZKɶ8+Yl�wAQgg)";0��̛;"X"Q�:��i�~RJHuT�7"Yu?l�g՚�*1Xt1Y�71Ք7�ZvN[{㱅IUO�kטPt1/ӄC��"x�x�aj aF
gfٝ7�g��_�=[!VWv�r�UC*��5�;�\l�Φ!�{��k2o�V0�� �wAG>p2zSR=U%=
�-RWld�b"@��[�_�ٹt>"?gs?��>zxX�2b�9k�`'Cߑ?ŝ@G��OWDvG=J�9$�.+Ja 3<�O&�xtT$l.cb?V=`Y`>zS?�#ᘭ#!+^K��Αf,S~c4:�.ʾBRw/rO0�ឩTH�VdL4"&(qTi+$<��~3&'N;%"�&L��m�ah��no}wFp��bZ1Ř!�&"�cs6#|-�⌹$}{/>ϳG>LQZj��*�!b3wاX, �}�,Wx
$�U, A��
"P�F:�
��9C�(�~jJ͍$�u�~�v�K�
.X`��-�.E�.ӻ�qw�6+נ�5�80
17�YG7`C[�5E�Y|ob�L<`A~,P!us�x\fH֎NK$Ѕ:x,@#!��9ω�KkO٧c
7úޛZF #}�AaP8�Z
��+z+uT'I]WP)9CȮ�KTU: |.Oa@
cyݬf/��/+\iJd�R.
��?h�$@쌆=xɾ~d�:��1�s3|��˳/wEZ!OGۻ G5¶V-�j=�u�_{_N�˫Š<|1 kyl2/*�(H\;NS�ʙ~oSgµ,��,�^;KwE 3@cqq�^ JI�t�gPJTٌ/!j�b\թ2MW?f�z
[Up�/Пxu3�K_-�fy�PDЦ?h
J�c7
5N>M�o���
)ns9�EЌLjV}Qu�xS�?
_A�pj+�彜r6Р)?'@�|OPi}i99�s?��7_?�}P9�g�]Cu^9u�^C9_�]_zy�[9rֺą۩�QNy*P/nr
�:WK?s�9^�}INF&^;��]a芫-5nk
ǤZuv�ņ^_B��KHe^ٛL�GP�/<,Y}Mʱ�4rk 7�[y�DYII{2}tE�Oi>r�i@Lwe<ߔ[nNJ>s\ȜHǣ�Wɴ&Vی �x�
FU�D��4k�{HO9}\�z[<�G4q. =�P7].�6tqS0n+0�4`ʭ}*eDdU:��.�UJ�0�XR����^9�Q(Fuoo*F0njE�=u'�a���0Vo1�BDO"O�ӉX;fC$UWeL ,$ŋtaSOp^Wv"�H��0�~Y$P&`!֞.�^G$��r w�� `1x G߄`-YkMD�2ydk�S
l
$4h[L,�eނz�<��h��-x�q9h[]ibR z�9tKdp!gB-Zыl�^@e�D�˺�暻�:X~ {n�70aŘSkCM�Hn�_!g]x@뗋`{�l>`��X)43�ǬH?70�e��4.X�L$̸fLe=Hn{J)�1-M6��И�Y�CƊvs��O��F[W7B��g��3Σ�>�̆I
�ůD|݆-�c1�0�*{�Oq���A�nﺳc�_ e��qg2 ��"�d`KFV``x5�SvÕtNuH��.;�m!�~K2#0' M̮+fAj3�rZŞ��k8�M��0�D`�g+xVb;`9�4Iأ ^BO�֦
��#�0uo��cO�Yg@�d�X3W]d��A_d|bOh�>Zo.TsLH�W|��ס)e4dW,<��bsފjd!zK2�jSo:h}vs�ܪRQĕI.«�U/=�G"�2cT
=�w`?GcБ�_45��:Z-5,l$=�=�A�Shrٻn"1��:
gCCJ�Ҧv=L籽�$(\d�~\g;Tj[�1:��dt��[BI<��<�~
�zH|c,X̨T�*L[�
|�qGAN��$Kd/-Yݨoˊ�LsӃ](3R^vȥI�zH,݈SAQ6+yJ>?��TN`{͓=&�rd{Ko�m#+nv˧�Tg7>��5ك|2h�}́!Xs#Q�%`
|���3̾J��D ϱm1ngo`�SCl
.7'�./]&
xWa! e;1KMP`�O3�!w>G-D�H��xky�f#%3WnJP/j`mR>ǔK�
]'[٧3�й?-Rn/���e[͌^�X��(
LIN�8u
vAѪ
N�7"�aa�No0n,$9@��R��s;=Vcm;p3z2
�9���Qm`-N \70(|Nuu
ۊ|.-e�c�FP1M ?&Il}
r�a�|X���^|+��o=ȉe6�]g0^O6p2$Ӿ82�#"�$$jVI�;;Q0��&|iE-ȓl`C�v�_)~ph[?�2Y�A� wVǰ�=dBLN7��P�3pRaL ��$b[и�I&'\9ƕE)�@Xqɩ8To�u)Z��Byһ�H'ٗ��RI>S�}��v4:yvډ�1J�bq')t?��V��zW X�ٺqKZ�?\>]@ђ�uzWN��]ŇtEg?0�m\}l4{n&_1�!�-2�VjwV㛾VtƦ�I:1qz륍yQ'b(5�6lS2G4K�_hj�Jl�Tɩ|Y;~XXqg;\d[hxb7&�;a�1Բ�>�)��
|
Enterprise Applications 
