Does PCI become a standard for everyone, not just Payments Processing

<<

georgi

Newbie

Posts: 1

Joined: Fri Feb 05, 2010 4:54 pm

Post Fri Feb 05, 2010 5:02 pm

Does PCI become a standard for everyone, not just Payments Processing

Hi Everyone,

I am wondering what your professional opinion is and how you see it happening: will PCI-DSS become a standard that is followed by most companies, no matter whether they do payments processing or not? We all know that PCI-DSS became a standard based on best practices that some big companies decided on and made official.

Any comments and suggestions are welcome.

Thank you in advance for your time.

Regards,
Georgi Nikolaev
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Fri Feb 05, 2010 5:38 pm

Re: Does PCI become a standard for everyone, not just Payments Processing

I think that many companies are following the ISO 17799 / 27001 guidelines today. Much of PCI is common sense, like other best practices standards. I think that some companies are incorporating some of the concepts already. I am not sure if everything in PCI will apply to every business. I think that if PCI becomes the de facto standard for most companies, it will be a morphed version that will carry another name.
~~~~~~~~~~~~~~
Ketchup
<<

kennut

Newbie

Posts: 46

Joined: Thu Apr 16, 2009 10:41 pm

Post Sun Feb 07, 2010 7:59 pm

Re: Does PCI become a standard for everyone, not just Payments Processing

As far as I know, the businesses I have audited include hotels and retailing. This also includes the region you're in; for example, this is compulsory in the States, whereas in Asia the awareness is still somewhat lacking.

These are the two for which PCI is a must due to the regulation from VISA/MC/Amex etc. Not all businesses will need to go into PCI unless you're in the following tiers:

# Tier 1: The highest volume merchants, which submit 6 million or more transactions per year.
# Tier 2: Merchants that submit 1-6 million transactions per year.
# Tier 3: Merchants that submit 20,000 to 1 million e-commerce transactions per year.
# Level 4: Merchants submitting less than 20,000 e-commerce transactions per year, and all other merchants up to 1 million transactions per year

Read more: http://pindebit.blogspot.com/2008/12/mo ... z0etxqkjU8
Done all 3 certs, now going for CISSP.....
<<

dalepearson

Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Mon Feb 08, 2010 4:10 am

Re: Does PCI become a standard for everyone, not just Payments Processing

Will PCI become a standard for everyone..... hmmm, good question, but I honestly think no, but it's a step in the right direction.

As already stated, PCI:DSS is only focused on payment card information, so it's a narrow scope, and does not have interest in any area where this form of information is not resident or flowing. The PCI standard is still relatively new, and will of course continue to be developed and improved, but adoption is still relatively low and often misunderstood. Yes, everyone who processes card data should be doing the PCI dance, but if their acquirer isn't making the push, companies are not doing it, and when they do it's a slow-going process, and most often a minimal tick-box approach.

All of these standards are best practice and common sense; some are mandated, and some are optional. Organisations still don't fully understand security benefits; it's an overhead, and rarely done properly. If people who need to be PCI compliant expanded the requirements to fill their organisation, this would be a good start to improved security, but I think we are some way away from this.
