|
|
 |
|
|
DISCLAIMER: Logging other people's keystrokes or breaking
into other people's computer without their permission can
be considered illegal by the courts of many countries.
The monitoring software reviewed here is ONLY for authorized
system administrators and/or owners of computers.
We assume no liability and are not responsible for any misuse
or damage caused by the keylogging software. The end user of
this software is obliged to obey all applicable local, state,
federal and other laws in his country of residence.
July 10, 2008
Payment data rules criticised
Department store John Lewis is unhappy about the inconsistency of requirements for systems geared at compliance with the Payment Card Industry Data Security Standard (PCI DSS).
The retailer plans to become fully compliant by the middle of next year and is introducing systems related to the 12 requirements for compliance, which
include reviewing storage arrangements for customer payment information.
Data encryption is a key focus area and the retailer is looking at ways to strengthen the security of customer details.
But achieving compliance has been a challenging process, mainly because of constantly changing requirements, said Frank Cordrey, head of development support at John Lewis.
“The goalposts of the PCI standard have been moved several times. It was fairly consistent and the objectives were clear at first, but there are a number of areas that have changed considerably in the past couple of years,” Cordrey told Computing.
The PCI DSS standard was introduced by Visa and MasterCard to enhance payment account data security and led to the foundation of the PCI Security Standards Council, a group of more than 460 businesses responsible for maintaining and publishing the rules. John Lewis is one of the members.
But requirements are often changed “on the fly”, which means that work carried out is out of date by the time companies go through compliance checks, said Cordrey.
“There are times when you need rules to be static for a while so you can catch up and take things forward. What I would like to see is someone accepting the fact that this is a big task and that if you want people to stick to rules, specifications must be retained,” he said.
“If I change any system based on an approved PCI specification that will potentially affect many other systems, only to have the requirements changed again, then it is a waste of time and money.”
More confusion is expected to stem from the release of the second version of the PCI standard in October, said Paul Brennecker, a PCI DSS security expert at consultancy Security Data Management.
Source: Vnunet.Com
All news for August, 2008
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year
DONATION: Keylogger.org is an independent research
project supported by a team of enthusiasts. If you find this
project useful or would like to help foster its continued
development please consider making a donation using PayPal`s
online secure payment service. A PayPal account is not required.
All major credit cards are accepted (MasterCard/Eurocard,
Visa/Delta/Electron, American Express, Switch/Maestro, Solo).
Simply click the button below.
Any amount would be useful and appreciated!
Thanks in advance for your support!
|
|
|
|
|
