New PCI Standards Disregard Inside Threats

Starting June 30, new measures inserted in the Payment Card Industry (PCI) standard will be inforced. However, representatives of a database security firm point out that the new additions do nothing to address inside threats.

As Vnunet.com shows in a recent article, the new measures require that companies dealing with stored credit card and other consumer financial data either install firewalls around all internet-facing applications or have all customer application code reviewed for common vulnerabilities.

Secerno representatives showed that the new and “improved” standard does not address real threats effectively:

“The PCI Data Security Standard has the best intentions but, as is the case with many compliance directives, it barely addresses the most immediate and upcoming threats to consumer data,” said Paul Davie, founder of Secerno.

“It is generally inadequate for addressing the sort of internal threat that can be exploited easily, such as by general or privileged users.”

Other than completely ignoring ill willed insiders, the PCI standard also fails to regulate data encryption requirements, database security policies, measures of protecting data on private networks.

Leave a Reply

Name (required)

Mail (will not be published) (required)

Website

Related Posts from the Past:

• Endpoint Protector 2008 Addresses Wireless USB Security Issues
• Hannaford - An Inside Job
• Insider Compromises 2 million Private Records
• CareFirst Dental HMO Exposes Data of 75,000 Members
• A New Approach to Stealing Identities