|
|
 |
|
Viewing report
|
|
|
|
Understanding How PCI-Compliant Companies Can Be Breached: Security in a Post-Heartland World
Javelin Strategy & Research, June 2009, Pages: 49
The Payment Card Industry Data Security Standard (PCI DSS) raises the high water mark for data security. But there's a persistent myth that PCI compliance equals security. The reality is that PCI is only a baseline, and one that needs to be monitored constantly as the threat landscape changes. In the months following what may be the largest the data breach in U.S. history at Heartland Payment Systems®, many people are wondering if PCI is effective. In response, the PCI Security Standards Council has released new guidance around risk-based compliance and Qualified Security Assessor (QSA) reviews and remediation. But will these be enough to calm the concerns that merchants have with PCI? This report includes an update of PCI, an overview of emerging technologies, and lessons learned from the Heartland breach. Hashing, tokenization, end-to-end encryption, and Chip and PIN are covered in depth.
Primary Questions:
- Does PCI compliance equal security?
- Which are the most common requirements not met by previously PCI-certified firms?
- What has been learned about the Heartland breach?
- How can merchants store PAN data without violating PCI?
- What are the emerging technologies that can help merchants take PAN data out of scope for PCI compliance?
Methodology:
This report is based on data collected online from a random-sample panel of 2,339 respondents in September 2008. The survey targeted respondents based on representative proportions of gender, age and income compared to the overall U.S. online population. Overall margin of sampling error is ±2.03% at the 95% confidence level, for 2008.The report was also based on interviews with executives from the PCI Council, Heartland, and eight security vendors.
Product samples
A sample for this product is available. Please Login/Register to download this sample.
|
|
|
|
