PCI Security Problems: The Practical Versus The Perfect

Written by Evan Schuman
February 13th, 2013

Security rules are wonderful things, and nowhere are they more needed than in retail and payment-card data. But a common criticism of the organization handling such matters—the PCI Council—is that it delivers security edicts in a vacuum, with minimal regard to how different types of merchants function in the so-called real world. Such critics were given three golden examples this month. The examples, in the areas of cloud guidance, P2PE validations and Windows XP end of life, illustrate the types of collisions that are inevitable when committees seeking ideal security approaches run into chains with razor-thin margins (or losses), workforce reductions and store closings. Put more bluntly, it’s the age-old battle of the ideal versus the pragmatic.

This is explored in StorefrontBacktalk’s February monthly column in Retail Week, the U.K.’s largest retail publication. The column lives here at Retail Week. For those who don’t have a Retail Week subscription—shame on you!—here’s a copy at StorefrontBacktalk. You can also check out all of our recent Retail Week columns here.


One Comment

  1. AC Says:

    BRAVO, I could not agree more. While members of the PCI “board” will argue that they (and their vendors) are able to comment and provide “input” to the standards, what is actually in the standard is under the control of key individuals within the PCI organization and the card associations. QSAs and auditors have absolutely no input mechanism, so their guidance on how this could be realized (or not) for implementors is absent. This results in your examples and many people shaking their heads saying “what were they thinking…”

