Is PCI Effective at Stopping Online Fraud? Congress Says No.
April 2nd, 2009 by Scott Olson
Looks like Congress feels that credit card companies haven’t done enough to stop online fraud and identity theft. The general feeling from lawmakers was that while the PCI standard does provide guidelines on how to protect customer card data and personal information, it isn’t effective at addressing ever-changing threats. Lawmakers used an example of a company that had recently passed PCI compliance and was compromised while the actual certification was being granted.
Predictably, representatives from the PCI council and the card industry defended the standard and said that any company that had been shown to be breached was in violation of one of the standards at the time.
The reality is that evidence of a breach doesn’t invalidate a standard. No regulation is going to stop online fraud, but a standard can dramatically reduce the risk compared with having no standard at all. The real questions should be how many breaches would have occurred without the standard, and how the standard must evolve to be more effective and meet the world’s changing threats.
Tags: identity theft, Online Fraud, PCI
