Reducing data breach risk through the ‘datensparsamkeit’ approach

Rebecca Merrett | Feb. 3, 2014
"If you don't store it, you can't be asked for it and you can't get into trouble," says ThoughtWorks' Sam Newman

PCI compliance is not a safety blanket
Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is always going to lag behind new technologies, so no company can assume it will be 100 per cent secure by simply abiding by the standard, Shaw said.

"Just because you achieve PCI compliance, doesn't mean - and Target illustrates this quite well - you necessarily understand all the risks and have addressed all of them. It's up to companies to take ownership of that."

Newman said PCI compliance has become a sort of safety blanket for many companies. "Do you think a single one of Target's customers care if they were PCI compliant? No, it's still Target's fault."

With the number of Internet-connected devices growing, Shaw said there are going to be a lot more vectors for attack than before, and PCI may not stack up to the level of security needed to prevent sophisticated modern-day attacks.

"While people have enthusiasm to adopt Internet-connected things and they offer a lot of innovative possibilities to businesses, there are no standards currently for those devices," he said.

"I think the point of sale device breach is really interesting in light of the Internet of Things. Just because it doesn't have a screen or a way to interact with it other than swiping a card through it, doesn't mean it's somehow secure and sealed."


