.NET eCommerce Blog
THE resource dedicated to the pulse of the .NET eCommerce development community

New Measures for PCI Compliance Don't Address Insider Threats


For any eCommerce merchant to have any iota of a scintilla of credit card payment options, the site must be fully Payment Card Industry (PCI) compliant. If the site isn't compliant, the merchant is liable for audits or fines and may lose the ability to process credit card payments. The PCI standard is meant to prevent credit card fraud and protect against security vulnerabilities and breaches.

However, the new provisions in section 6.6 don't take insider threats, such as data theft, into account. The current standard focuses on external threats; specifically, the new measures require that companies storing credit card and other customer financial data either install firewalls around Internet-facing applications or review their custom application code for security vulnerabilities.

And according to Paul Davie, founder of the database security company Secerno, insider threats are PCI's "blind spot."

Davie should've given the FBI a talking to a while back.


Posted Jun 23 2008, 05:00 PM by Richly Chheuy
