FTC Demands Info From PCI Auditors

The PCI DSS process is about to get more complicated and compliance is going to be harder to obtain – and frankly that’s a good thing. Moving compliance efforts closer to real security efforts benefits the protection of data. Making compliance something to obtain, and not simply purchase, will create ownership and buy-in in the compliance process. Buy-in often leads to understanding, which in turn can lead to valuing the effort and target outcome.

I look forward to seeing a few more teeth added to the PCI DSS, even if it takes the creation of a little kicking and screaming by the FTC.

