Company

Technical Security Consulting

Managing Risk

Research & Development

Forensics

Security Management

Media Centre

PCI DSS

• Home
• Overview
• Press Releases
• Index
• IRM is now a PABP
• IRM Comments on the Computer Weekly PCI Article of 12 June 2007
• IRM Has Become a QFI
• IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
• IRM is awarded Qualified Forensics Investigator (QFI) status by MasterCard
• IRM In The News

IRM Comments on the Computer Weekly PCI Article of 12 June 2007

 

The front page article in the June 12^th issue of Computer Weekly Magazine entitled “Card Firms Ease Back on Security Demands” has caused a bit of a stir in the retail sector. However, the article does not provide any new insight into the deadlines for PCI DSS compliance nor does it change any of the requirements. The article simply takes the comments of two major players in PCI DSS out of context and extrapolates them too far. 

Both of the major card brands are keen for retailers to show commitment and progress in remediating their systems for PCI compliance and it is this that is exercising them, rather than compliance dates. In reality, both the VISA and the MasterCard compliance dates have passed and all non-compliant retailers are in breach of the standard and could be fined.   

MasterCard Europe, however, waived its right to levy assessments (could be seen as fines) until the end of June 2007. The first of these assessments is expected in September of this year. Meanwhile VISA International is fining companies in the USA but has not yet expressed any intention to do so in the UK. 

As Paul Baker, VP at MasterCard Europe, said “If retailers are in any doubt about the need to be PCI DSS compliant they should talk to their Acquirer.”