One of my biggest beefs with the security technology industry, and even with auditors and legislators, has been the mindless pushing of encryption as the solution to data theft problems.
To quote Bruce Schneier again: The ultimate solution. Well, the payment application vendors, supposedly prodded by the likes of Visa and Mastercard, have been recording varying levels of details about payment transactions for 18 months. Thus, the credit card companies have been part of the problem here and with this requirement change, they can become part of the solution for once. They have a great racket...
It all depends on your threat model whether encryption solves your problem or not. If the data theft is due to an application or business logic flaw, then encryption is unlikely to do anything for you (e.g. an XSS attack can reveal encrypted data just fine...)
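The XSS point above as an added example, not code from the original post: a card number encrypted at rest with AES-256-GCM is still exposed once the application decrypts it into a page that also echoes unencoded user input. The record, field names and in-process key are constructed assumptions.

```javascript
// Added example (not from the original post); record and field names are constructed.
const nodeCrypto = require("node:crypto");

const KEY = nodeCrypto.randomBytes(32); // stands in for a key held by the application

// Encrypt one field for storage with AES-256-GCM; returns iv, ciphertext and tag.
function encryptField(plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", KEY, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt a stored field; throws if the ciphertext or tag was altered.
function decryptField({ iv, ct, tag }) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", KEY, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString("utf8");
}

// HTML-escape untrusted text before it is placed in element content.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// Constructed record: the card number is encrypted at rest, the note is user-supplied.
const record = {
  pan: encryptField("4111111111111111"), // well-known test card number
  note: "<script>/* injected */</script>",
};

// The stored form does not contain the card number in the clear.
function storedFormLeaksPan(rec) {
  return rec.pan.ct.toString("latin1").includes("4111111111111111");
}

// Flawed view: decrypts the full number and echoes the note without encoding,
// so injected markup runs in the same page as the plaintext.
function renderFlawed(rec) {
  return `<p>Card: ${decryptField(rec.pan)}</p><p>Note: ${rec.note}</p>`;
}

// Corrected view: shows only the last four digits and encodes the note.
function renderFixed(rec) {
  const last4 = decryptField(rec.pan).slice(-4);
  return `<p>Card: ****${last4}</p><p>Note: ${escapeHtml(rec.note)}</p>`;
}
```

The fix in `renderFixed` is output encoding and data minimization; the encryption is identical in both views.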
Group drafts rules to nix credit-card storage
PCI PA-DSS draft does away with requirement for persisting credit card data
Contact: Jason Axley