EH-Net
Topic: Does PCI become a standard for everyone but not just Payments Processing
georgi
« on: February 05, 2010, 04:02:48 PM »

Hi Everyone,

I am wondering what your professional opinion is and how you see this happening: will PCI-DSS become a standard that is followed by most companies, no matter whether they do payments processing or not? We all know that PCI-DSS became a standard based on best practice that some big companies decided on and made official.

Any comments and suggestions are welcome.

Thank you in advance for your time.

Regards,
Georgi Nikolaev

Ketchup
« Reply #1 on: February 05, 2010, 04:38:28 PM »

I think that many companies are following the ISO 17799 / 27001 guidelines today. Much of PCI is common sense, like other best practices standards. I think that some companies are incorporating some of the concepts already. I am not sure if everything in PCI will apply to every business. I think that if PCI becomes the de facto standard for most companies, it will be a morphed version that will carry another name.

kennut
« Reply #2 on: February 07, 2010, 06:59:27 PM »

As far as I know, the businesses I have audited include hotels and retailing. This also depends on the region you're in; for example, this is compulsory in the States, whereas in Asia the awareness is somewhat still lacking.

These are the two for which PCI is a must due to the regulation from VISA/MC/Amex etc. Not all businesses will need to go into PCI unless you're in the following tiers:

# Tier 1: The highest volume merchants, which submit 6 million or more transactions per year.
# Tier 2: Merchants that submit 1-6 million transactions per year.
# Tier 3: Merchants that submit 20,000 to 1 million e-commerce transactions per year.
# Level 4: Merchants submitting less than 20,000 e-commerce transactions per year, and all other merchants up to 1 million transactions per year

Read more: http://pindebit.blogspot.com/2008/12/more-on-pci-and-tiers-1-2-and-3.html#ixzz0etxqkjU8

dalepearson
« Reply #3 on: February 08, 2010, 03:10:08 AM »

Will PCI become a standard for everyone..... hmmm, good question, but I honestly think no, but it's a step in the right direction.

As already stated, PCI:DSS is only focused on payment card information, so it's a narrow scope, and does not have interest in any area where this form of information is not resident or flowing. The PCI standard is still relatively new, and will of course continue to be developed and improved, but adoption is still relatively low and often misunderstood. Yes, everyone who processes card data should be doing the PCI dance, but if their acquirer isn't making the push, companies are not doing it, and when they do it's a slow-going process, and most often a minimal tick box approach.

All of these standards are best practice and common sense; some are mandated, and some are optional. Organisations still don't fully understand security benefits; it's an overhead, and rarely done properly. If people who need to be PCI compliant expanded the requirements to fill their organisation this would be a good start to improved security, but I think we are some way away from this.
© 2013 The Ethical Hacker Network