Emerald Business Systems Blog

Ending the PCI Blame Game

Posted in PCI by ebs4pos on December 3, 2009

Fallout from the PCI Blame Game

A typical day. Russians were yet again selling fresh batches of stolen payment card data in closed hacker forums, and our initial undercover buys indicate that there was a significant breach. I knew what was going to happen next, and there was nothing that I or anyone else could do to stop it. No warning was possible. There was going to be another slow, painful train wreck—of that there was no question.

With our subsequent undercover buys of stolen cards, the involved issuer identifies the victim of the breach and notifies the card associations who eventually confront the victim. Disbelief. Shock. Panic. Lawyers—lots of lawyers. Outside attorneys. Estimates are made of the number of cards compromised—a meaningless figure that will later be prominently displayed in news headlines. PCI certification records are waved about. The victim's assessor is notified. Accusations. Finally, the victim is obligated to go public with the bad news. Their stock plunges as their customers jump ship. Game over.

via Ending the PCI Blame Game – CSO Online – Security and Risk.

