Friday, October 23, 2009

Why Most PCI Self-Assessments Are Wrong

Another fantastic article I found in the archives of Evan Schuman's StorefrontBackTalk on PCI compliance, written by David Taylor... it gives me the willies!

Written by David Taylor

The reason that so many PCI self-assessments are wrong is that they focus on the mainstream business processes of the company. They often ignore a lot of “back-channel” or “just-in-case” practices that result in card data coming into the company not protected by the various PCI and other data security measures to protect more mainstream applications, data repositories and processes.

Here are 3 examples, all of which come from personal experience:

StoreFrontBackTalk
