Congressional Hearing on PCI DSS (on NOW!!)
March 30th, 2009 by cmark. Posted in PCI DSS
Listen NOW!! Somewhat paraphrased tidbits from the congressional hearings..
“…the battle for cyberspace is one that we are not winning…”
“…(industry) is less interested in upgrading their infrastructure than reallocating fraud losses…”
“…(PCI DSS) is ineffective at reducing the real threats..”
“…get beyond the checkbox mentality…”
“…rather than being the floor, it has become the ceiling…”
“…as long as the industry is writing the standard, I fear that security won’t increase…”
It is official. The PCI SSC and Visa (among others) will be testifying at the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology hearing. The title of the testimony is: “Do the Payment Card Industry Data Standards Reduce Cybercrime?” Here is the link.
The hearing will be webcast. Witnesses include Bob Russo (PCI SSC), Joe Majka (Visa), Dave Hogan (NRF), and Michael Jones (Michaels). The statement on the website says: “The hearing will examine the effectiveness of the Payment Card Industry’s Data Security Standards, which are security requirements for all businesses that store, process, or transmit cardholder data. These standards were established to reduce the number and size of data breaches, the proceeds of which may be used to fund terrorist activity.”
8 Responses to “Congressional Hearing on PCI DSS (on NOW!!)”
By NM on Mar 30, 2009
« the proceeds of which may be used to fund terrorist activity. »
Oh dear. Aren’t people tired enough of this already? Data security is a worthy topic of discussion for Congress in itself, no need to make stuff up to link it with terrorism.
Plus: cave-dwelling, goat herding fundamentalists don’t strike me as the most likely source of sophisticated computer-based attacks.
By Ark0n on Mar 31, 2009
Actually there is some evidence which indicates that credit card fraud helped fund the Mumbai terror attacks. The big question: will government say self regulation has shown that it really isn’t working and step in with their own program?
By libertarianoid on Mar 31, 2009
I knew it was only a matter of time before the feds tried to step in. After all, the feds are experts in infosec, and know better how to protect credit card company assets than the companies themselves. Right? lol. Ark0n you’re right - it’s just more of a power grab by the Warpiglicans and Kleptocrats.
By NM on Mar 31, 2009
Dear Ark0n,
I have it from good authority that the Mumbai terror attacks also involved a significant number of traffic violations.
Anyway, my point is that “terrorism” is the Godwin Rule of security. If you need to invoke it, you’re clearly more interested in security theatre than real security.
By Anton Chuvakin on Mar 31, 2009
Well, all the bitching “PCI is bad” might have done it… now PCI might just become a law
By KrankyPants on Mar 31, 2009
Anything the government might come up with could not possibly be more pointlessly complicated or ineffective than what the PCISSC has done.
By libertarianoid on Mar 31, 2009
Kranky: You are overestimating them.
By Anton Chuvakin on Mar 31, 2009
BTW, live twitter coverage of this is at #pcihearing and http://search.twitter.com/search?q=%23pcihearing