Wednesday, May 19, 2010

PCI is Required - Even if Your Bank Doesn't Call You

One of the complaints I hear regularly from schools is that they have not had much contact with their acquirer or processor about PCI. In some cases, when they tried to talk to the acquirer they were either unable to get hold of someone in the Compliance area or their calls went unanswered.

While that may describe your situation, you don't get a free pass on PCI. To make this point, let me suggest you read this article in Forbes. The author also makes some excellent points about how you can lie on your SAQ, but you are really only fooling yourself. This gets back to the Validation-does-not-equal-Compliance argument I have made too many times already.

There are some great quotes from Anton Chuvakin and Martin McKeay, both of whom are PCI and security experts as well as friends.

Next time someone asks you about whether you think it's worthwhile complying with PCI, point them to this article.
