PCI standard has internal blindspot

The credit card security regulations that make up PCI, whose arrival is looming, have been criticised for being too weak.

The channel has been bracing itself for the past 18 months for the much delayed arrival of the PCI standard, which finally kicks in next week.

Emma Dunstone, marketing director at Secerno, said that too much of the emphasis of the PCI requirements, particularly 6.6, was on enforcing the need for a firewall, and that there was not enough recognition of internal threats.

"It doesn't do enough to protect against the internal threat, where 80 per cent of attacks come from," she said.

She added that if resellers understood that the minimum requirements were not enough to protect the customer then they could make additional sales.

"There is a difference between what's compulsory and what's necessary," she said.

Ivan Ristic, vice president of security research at Breach Security, said that, as with other areas of protection, customers had to take a layered approach.

"Web application firewalls are not a silver bullet. Organisations should strive to build applications securely, and to continuously improve the legacy ones. It is a long term process," he said.

Dave Ellis, director of e-security and professional services at ComputerLinks, said that some of the problems could be the result of human error inside an organisation and might not be malicious, but the company's crown jewels were stored on internal databases.

"It is important that companies are looking at these things holistically. This whole database area is a key one," he said.
