<?xml version="1.0" encoding="UTF-8"?><!-- generator="wordpress/2.0.4" -->
<rss version="2.0" 
	xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
	<title>Comments on: Visa: Retailers Doing Better With Credit Card Security, But A Few Holdouts Remain</title>
	<link>http://hackreport.net/2007/07/31/visa-retailers-doing-better-with-credit-card-security-but-a-few-holdouts-remain/</link>
	<description>Security News</description>
	<pubDate>Thu, 04 Dec 2008 19:25:05 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.0.4</generator>

	<item>
		<title>by: Danny Moran</title>
		<link>http://hackreport.net/2007/07/31/visa-retailers-doing-better-with-credit-card-security-but-a-few-holdouts-remain/#comment-4735</link>
		<pubDate>Wed, 19 Sep 2007 11:17:14 +0000</pubDate>
		<guid>http://hackreport.net/2007/07/31/visa-retailers-doing-better-with-credit-card-security-but-a-few-holdouts-remain/#comment-4735</guid>
					<description>The amazing thing to me is that the PCI Security Council (as of today Sep 18) has not released a SAQ - self-assessment questionnaire for PCI DSS 1.1. They have an old version (1.0) on the Web site.

If you do the numbers of how many merchants at each level are compliant (I only have July stats from VISA and as you pointed out - M/C, Diners and AMEX don't share their compliance stats) - you will find that about 70% of all VISA transactions are performed by non-compliant merchants.

The little guys (Level 4) relative to their size would suffer the most since they are a soft target for hackers and a soft target for trusted insiders as well.

What needs to be done is to provide merchants with a practical tool to self-assess risk and start mitigating their threats - and be compliant - on the way. After all - this isn't compliance for compliance's sake - the card associations need the payment processing supply chain and cardholder confidence to be strong.

See this cool article - at http://www.software.co.il
that talks about practical ways of doing this

Sounds good to me
Danny</description>
		<content:encoded><![CDATA[<p>The amazing thing to me is that the PCI Security Council (as of today Sep 18) has not released a SAQ - self-assessment questionnaire for PCI DSS 1.1. They have an old version (1.0) on the Web site.</p>
<p>If you do the numbers of how many merchants at each level are compliant (I only have July stats from VISA and as you pointed out - M/C, Diners and AMEX don't share their compliance stats) - you will find that about 70% of all VISA transactions are performed by non-compliant merchants.</p>
<p>The little guys (Level 4) relative to their size would suffer the most since they are a soft target for hackers and a soft target for trusted insiders as well.</p>
<p>What needs to be done is to provide merchants with a practical tool to self-assess risk and start mitigating their threats - and be compliant - on the way. After all - this isn't compliance for compliance's sake - the card associations need the payment processing supply chain and cardholder confidence to be strong.</p>
<p>See this cool article - at <a href='http://www.software.co.il' rel='nofollow'>http://www.software.co.il</a><br />
that talks about practical ways of doing this</p>
<p>Sounds good to me<br />
Danny
</p>
]]></content:encoded>
				</item>
	<item>
		<title>by: The Compliance and Security Connection</title>
		<link>http://hackreport.net/2007/07/31/visa-retailers-doing-better-with-credit-card-security-but-a-few-holdouts-remain/#comment-3874</link>
		<pubDate>Wed, 08 Aug 2007 19:50:31 +0000</pubDate>
		<guid>http://hackreport.net/2007/07/31/visa-retailers-doing-better-with-credit-card-security-but-a-few-holdouts-remain/#comment-3874</guid>
					<description>&lt;strong&gt;Visa Posts PCI Compliance Figures...&lt;/strong&gt;

This past Monday, VISA released updates of merchant compliance with various aspects of the PCI Data Security Standard. According to Evan Schuman's report on HackReport.net, VISA has stated that 96% of Level 1 and Level 2 merchants have written to...</description>
		<content:encoded><![CDATA[<p><strong>Visa Posts PCI Compliance Figures...</strong></p>
<p>This past Monday, VISA released updates of merchant compliance with various aspects of the PCI Data Security Standard. According to Evan Schuman's report on HackReport.net, VISA has stated that 96% of Level 1 and Level 2 merchants have written to...
</p>
]]></content:encoded>
				</item>
</channel>
</rss>
