PCI makeover

[thehorse13]

Now this is an interesting twist on PCI regulations.

http://news.com.com/Credit+card+secu...l?tag=nefd.top

[Tiger Shark]

Ahhh.... The oldest question in the security industry... Do I make it secure or do I make it cost effective and usable???

But isn't the ball being dropped again, (or am I missing something????)... If the application understands encryption then if the application is compromised so is the data. If the OS understands encryption then the legacy apps don't need to understand it and either the OS or the app needs to be compromised.

The proposed solution is to drop encryption, which occurs for the most part automatically of is relatively easy to set up, and allow operations to complicate the perimeter with additional and probably unneccesary layers in order to give them the "warm and fuzzies"...

Personally I don't see the benefits here... I can see some potential detriments... especially since they have my CC data....

[thehorse13]

The proposed solution is to drop encryption, which occurs for the most part automatically of is relatively easy to set up, and allow operations to complicate the perimeter with additional and probably unneccesary layers in order to give them the "warm and fuzzies"...

Yep, my feeling exactly. This is why I constantly complain to C level execs about business process efficiencies and stripping out high cost low return security "solutions" that support hig cost low return business processes.

Anyway, before I get all worked up, lemme finish my cup of joe...



--TH13