29 Sep 2006
UK companies handling credit card data must be compliant with the Payment Card Industry Data Security Standard (PCI DSS) by 30 June 2007 or face being dumped by credit card companies.
The deadline had originally been pushed back from 30 June 2006 because of the introduction of chip-and-pin.
"Chip-and-pin delayed companies becoming PCI compliant because the credit card companies said that they could not do both at the same time. It's a big move in the UK market," Jon Shaw, European sales manager at encryption firm Ingrian, told vnunet.com.
Shaw explained that the cost of chip-and-pin had led to the delay. "After chip-and-pin, Visa, MasterCard and American Express had a big push on PCI. But a lot of the major retailers were not particularly happy," he said.
However, Ingrian maintained it is unlikely that the deadline will be pushed back again.
"It is possible that the deadline could shift, but it is not probable," said Erich Baumgartner, vice president of sales and marketing at Ingrian.
Baumgartner explained that the PCI standard is made up of 12 or 13 different criteria, 10 of which are technologies that a lot of companies already have in place.
"They can show the auditor that they are using their intrusion detection systems this way, they are using their firewalls that way and they have virtual private networks so that information is encrypted in transit," he said.
"But the big gap is that nobody has been deploying encryption to secure that sensitive data when it is at rest."
Half-Way
Something more is needed here. We're only halfway. Bogus webshops with scanned credit card company logos will still lure people in at a rocketing rate. The spread of identities won't be stopped by PCI solutions. It's not just the eShopper who is criminal. There are criminal vendors, criminal staff at honest vendors, web portals and PSPs, and brute force is still an ongoing method of stealing valid credit cards, not to forget spyware on the eShopper's computer. Moreover, encryption SSL-128 is already compromised and that's published. We must assemble our techniques to the Sources and start considering the fact that to become a criminal eShopper one must steal the identity in the first place. When it's already stolen, it's in my opinion very late for action. An analogy: pain in our hands can be cured by aspirin. Better is to do something about the wooden piece stuck in the hand.
Posted by: William Palmborg, SecuraCharge 29 Sep 2006