PCI compliance is not the only means of securing sensitive information on systems that handle payment card data. While it is true that there is no way to protect such a large and extensive system 100%, there are other ways to keep criminals from accessing the data in it. So does this mean that PCI compliance should not be made into a law?
Let’s face the facts first.
Fact # 1: The technology race between protection systems and hackers is always close. Penetration testing and network security assessment help keep the defenses at least a step ahead of those trying to crack them. However, since technology is always moving forward, there will be times when the hackers are a step ahead of the security systems, and it is during those windows that PCI data gets compromised.
Fact # 2: It takes a certain amount of authority to nudge the big credit card companies in the right direction. Since updates and upgrades to security systems cost a lot of money, it is only natural for them to resist change. However, local governments can pass local ordinances or laws that prompt these companies to tighten security and to warn consumers about changes. The question is whether such ordinances should be made into federal laws. I don't think so.
Fact # 3: Even if PCI compliance were made a federal law, it would take a long time for the changes to be implemented. Only time can tell whether those changes would take effect before criminals find a way to hack the systems again.
To cut a long story short, I don't think making PCI compliance a law is going to work.