Reply to post: Re: I bet it's even less in reality...

Verizon: Just 25% of global businesses comply fully with the Payment Card Industry Data Security Standard

Anonymous Coward

Re: I bet it's even less in reality...

I hate to disagree with you, but I think that the PCI DSS was written specifically for companies that run all of their PCI transactions on IBM's z/OS.

I have been in IT for over 30 years, have been certified before (it was a colossal waste of my money), and have had to maintain compliance with the changing PCI standards for more than a decade.

In my experience small to mid-sized companies need to employ at least 3 specialists working full time to maintain compliance.

The only changes I'd suggest to the PCI certification process would be to make it a requirement that no company over a certain size be allowed to self-certify, and that no company be allowed to use the same auditors for consecutive yearly audits. I have experience with several auditing firms and NONE OF THEM have performed the same checks.
