Monday, December 28, 2009

Goodbye PCI - Hello Encryption and Data Loss Prevention Products

December 27, 2009

Summary

More good news for Symantec Vontu, Fidelis, EMC RSA, Voltage, Verdasys, Trend Micro LeakProof, Websense, McAfee Reconnex and PGP. The arguably ineffective Breach Avoidance Rules championed by the Payment Card Industry (PCI DSS) are on their way out, and new solutions that rely on Encryption and Data Loss Prevention Products are emerging. Expensive lawsuits could be directed against the founders of PCI: American Express, Discover Financial, JCB, MasterCard and Visa International.

Analysis

Many of the speakers at the December 2009 Payment Card Industry Data Security Standard (PCI DSS) Compliance Conference in Sydney were downbeat.
  • Speaker Stephen Wilson said PCI DSS was a “patch” designed by payment card companies in the hope that they could avoid forcing merchants and financial institutions to use more complex, expensive and time-consuming procedures like encryption and two-factor authentication as a standard part of every transaction.

  • Speaker David Kaplan, Director of Security Consulting Practice, Earthwave, said the claim by members of the PCI Security Standards Council that no organization that is PCI DSS compliant has been breached was wrong. So far in 2009, there have been over 350 breaches and over 100 million identities and cardholder data stolen from companies that were PCI DSS certified.
