
PCI council devises a 12-step program for meeting security standards

February 28, 2009  |  Written by admin  |   PCI DSS

The PCI Council will be releasing a list of 12 milestones for businesses to address on the way to becoming PCI compliant. The list will contain milestones such as removing unnecessary sensitive data (do people really need to be told that?) from systems.

The full article explaining the milestones can be found here. I think the most interesting point in the article is from Bob Russo of the PCI Council, who said:

“Businesses that are compliant with PCI standards have never been breached, says Bob Russo, general manager of the PCI Security Standards Council, or at least he’s never seen such a case. Victims may have attained compliance certification at some point, he says, but none has been in compliance at the time of a breach, he says.”

I might be wrong, but Heartland and RBS WorldPay were PCI compliant and they were breached! I have come across a great discussion around this statement; I think they are making some very valid points over there, so I'm not going to repeat them here. Go over and visit the discussion on Securosis and let me know what you think.


This entry was posted on February 28, 2009 at 10:46 pm and is filed under PCI DSS.
