Full Disclosure mailing list archives
Re: Compliance Is Wasted Money, Study Finds
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 11 Apr 2010 01:00:56 +1200
Tracy Reed to Digital X:
Having just gone through a PCI audit I can safely say a few things:

Not the fault of PCI. Perhaps you should consider a better auditor.

Ummmmm -- isn't the point that PCI is set up such that lowest (common denominator amongst) auditors are actually the ones that define what "PCI compliance" really is?

As an earlier poster already pointed out, all the vaguely recent major credit card data theft cases have involved "fully PCI compliant" (as defined by that perpetrator's PCI auditors) card processors, etc...

What part of "that's really fsck'ed-up" did you not understand?

...

Sure, you _can_ retain a "morally [and maybe even technically] superior" PCI auditor, but WTF does that buy you other than a bigger bill for an essentially meaningless "certification"?

Did any of those massive "PCI accredited" fsck-up operators lose their accreditations? Did any of them have to give up their CC processing business activities as a result of their _proven_ (by the mostly generally trivial "hacks" that fsck'ed them up) poor practice?

So why would any other "must be PCI compliant" operators even consider spending more money than the lowliest of PCI auditors charge?

Regards,

Nick FitzGerald