After Target, Neiman Marcus Breaches, Does PCI Compliance Mean Anything?

The recent data breaches at Target and Neiman Marcus have once again shown that compliance with the Payment Card Industry Data Security Standard (PCI DSS) is no guarantee against an intrusion.

What’s unclear is whether the problem lies in the standard itself, or the manner in which it is implemented and assessed.

Neiman Marcus on Thursday became the latest company to suggest that PCI compliance had brought it little security against a major intrusion.

In a letter to U.S. Sen. Richard Blumenthal (D-Conn.) explaining the recent breach that exposed 1.1 million payment cards, Neiman Marcus CIO Michael Kingston claimed the intrusion happened even though the company had security measures that exceeded PCI standards.

Target, which last month disclosed a data breach that exposed credit card data on 40 million people, is also believed to have been PCI compliant at the time of the intrusion.

via After Target, Neiman Marcus breaches, does PCI compliance mean anything? – ComputerworldUK.com.

———————————————-

Journal of Law & Cyber Warfare | www.jlcw.org The Journal of Law & Cyber Warfare provides a public peer-reviewed law publication to foster open discussion and education of technology, government and legal stakeholder in relation to the complex issue of cyber warfare.  Journal of Law & Cyber Warfare accepts articles written by military, technology, judges, government officials, academic and legal practitioners. The Journal of Law & Cyber Warfare is honored by the world class caliber editorial board that is involved with the Journal. Thought leaders from forensics, law, warfare, and cyber security are on the Board. The Journal is always looking for interested thought leaders who believe they can contribute in a meaningful fashion to the development of cyber warfare scholarship.