"Your best defense against a breach is to be compliant with this standard," said Bob Russo, General Manager of the PCI Council, referring to PCI DSS.
The PCI Security Standards Council, established by the world's largest credit card companies, has developed the PCI DSS standards to direct merchants on how to protect cardholder data. Although compliance with PCI DSS is a requirement for any merchant anywhere in the world that stores, processes or transmits credit card data, Russo mentioned that merchants outside the United States are not always aware of the standard. Russo spends a lot of his time traveling around the world trying to educate merchants, banks and governments about this important standard.
The conversation I had with Russo made me think once again about the credit card fraud that was uncovered at the Downtown parking lot in Auckland, New Zealand, last fall, which has allegedly affected an estimated 100,000 credit cards.
In my blog on January 11, 2010, I talked about the fact that I could not find out whether Auckland's Downtown car park, which is owned and operated by the Auckland City Council, was compliant with PCI DSS. The representatives of the Auckland City Council are not talking, which is understandable.
When I asked Russo about the Auckland case, he responded, "I don't have any information on that case nor could I discuss it if I did, but in general we haven't found anybody who has been breached that has been compliant with PCI DSS at the time of the breach. And that is over the last 3 years that the council has been in existence."
I guess that answers my question.
I don't want to be too hard on Auckland. To be fair, 3 years is relatively short, and I would think it takes time for a worldwide standard to catch on. As Russo said, many merchants outside the US are not familiar with PCI DSS, so there seems to be a lot more educating to be done. But the reason I bring up the Auckland incident again is that I think there is a real lesson to be learned here.
I will leave the final word to Russo, who gave me a message to shout out to the international parking industry: "If you are not compliant, look at what you need to do to become compliant right away because this is basically the law -- you need to be compliant."
Pete Goldin
Hello word!!!
Posted by: Alex | 09 April 2010 at 11:00 PM