Comments on: Is PCI DSS Useless? http://www.infoseccynic.com/2009/06/07/is-pci-dss-useless/ Security: Life: Cynicism Mon, 08 Mar 2010 15:58:47 -0700 http://wordpress.org/?v=2.8.5 hourly 1 By: Business Plan Service http://www.infoseccynic.com/2009/06/07/is-pci-dss-useless/comment-page-1/#comment-202 Business Plan Service Thu, 10 Dec 2009 09:09:32 +0000 http://www.infoseccynic.com/2009/06/07/is-pci-dss-useless/#comment-202 Hi, It’s an interesting article. Thanks for sharing. <a href="http://www.bizplancorner.com/articles/24/Business-Plan-Service.aspx" rel="nofollow"> Business Plan Service</a> Hi,
It’s an interesting article. Thanks for sharing.

Business Plan Service

]]> By: Security Nerd http://www.infoseccynic.com/2009/06/07/is-pci-dss-useless/comment-page-1/#comment-136 Security Nerd Mon, 08 Jun 2009 15:26:26 +0000 http://www.infoseccynic.com/2009/06/07/is-pci-dss-useless/#comment-136 You hit the nail on the head, these controls need to regularly validated as still effective and/or still necessary along with identifying any new gaps and closing them. Even then, as long as you have the human element involved, you will have mistakes that could lead to security incidents. Keeps us in job though :) You hit the nail on the head, these controls need to regularly validated as still effective and/or still necessary along with identifying any new gaps and closing them. Even then, as long as you have the human element involved, you will have mistakes that could lead to security incidents. Keeps us in job though :)

]]> By: Christian http://www.infoseccynic.com/2009/06/07/is-pci-dss-useless/comment-page-1/#comment-135 Christian Mon, 08 Jun 2009 09:03:06 +0000 http://www.infoseccynic.com/2009/06/07/is-pci-dss-useless/#comment-135 A very well written article. This article here http://www.securityfocus.com/columnists/344 makes a very important point w.r.t the Letter of Engagement. Also worth remembering that a QSA verifies compliance with the standard and not that the entity being audited is actually secure. A very well written article. This article here http://www.securityfocus.com/columnists/344 makes a very important point w.r.t the Letter of Engagement. Also worth remembering that a QSA verifies compliance with the standard and not that the entity being audited is actually secure.

]]> By: uk_noodler http://www.infoseccynic.com/2009/06/07/is-pci-dss-useless/comment-page-1/#comment-134 uk_noodler Mon, 08 Jun 2009 08:55:35 +0000 http://www.infoseccynic.com/2009/06/07/is-pci-dss-useless/#comment-134 Good analysis of PCI DSS. But you fail to mention that transactions cannot be anywhere near secure while Card Holder Not Present transactions give over all the information needed to make numerous other transactions. Anyone working on the next generation payment solution? BTW, captcha still timed out. Good analysis of PCI DSS. But you fail to mention that transactions cannot be anywhere near secure while Card Holder Not Present transactions give over all the information needed to make numerous other transactions.

Anyone working on the next generation payment solution?

BTW, captcha still timed out.

]]>