The latest salvo in the Heartland saga is Visa's decision to delist both Heartland and RBS WorldPay from the PCI DSS compliance list. According to a harsh assessment by Avivah Litan, Gartner analyst: "It's all legal maneuvering by Visa," Litan said. "This is PCI enforcement as usual: They're making the rules up as they go."
Ouch. These are interesting developments, and they raise some questions:
- Is complying with PCI not enough anymore?
- Was Heartland really compliant?
- Or did the auditors not do a good job when they looked at Heartland?
- Do compensating controls not do the job?
- Is the PCI standard too vague and open to interpretation?
- Or is Visa just ensuring it does not get caught in the legal storm brewing around the breach?
Questions, questions...
I hope that this drives the industry forward in creating better standards, better auditors and better solutions that can address the increased threats we face daily. All we can do is look for the silver lining in this debacle...