Information Security News
mailing list archives
After Target, Neiman Marcus breaches, does PCI compliance mean anything?
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 28 Jan 2014 06:24:47 +0000 (UTC)
By Jaikumar Vijayan
January 24, 2014
The recent data breaches at Target and Neiman Marcus have once again shown
that compliance with the Payment Card Industry Data Security Standard (PCI
DSS) is no guarantee against an intrusion.
What's unclear is whether the problem lies in the standard itself, or the
manner in which it is implemented and assessed.
Neiman Marcus on Thursday became the latest company to suggest that PCI
compliance had brought it little security against a major intrusion.
In a letter to U.S. Sen. Richard Blumenthal (D-Conn.) explaining the
recent breach that exposed 1.1 million payment cards, Neiman Marcus CIO
Michael Kingston claimed the intrusion happened even though the company
had security measures that exceeded PCI standards.
Subscribe to InfoSec News
- After Target, Neiman Marcus breaches, does PCI compliance mean anything? InfoSec News (Jan 28)