Resources for Federal Financial Institutions Examination Council (FFIEC)

Security experts: Merchants Racing to the Bottom for PCI Certs

www.eweek.com

Security experts are starting to grumble about the Payment Card Industry Data Security Standard, saying that some merchants just want to get PCI-certified as cheaply and easily as possible—and that the PCI certification system is set up to help them do just that.

"The entire system seems to be set up not to find vulnerabilities," Jeremiah Grossman, chief technology officer and founder of WhiteHat Security, based in Santa Clara, Calif., and one of 135 security firms on the PCI Security Council's list of ASVs (Approved Scanning Vendors), said in an interview with eWEEK.

"We've had customers that wanted to debate the severity of certain issues because they needed to pass PCI. We sent them to another vendor we thought would pass them more easily. The last thing I want is a customer to get hacked on a vulnerability I didn't find."

View the Resource

Share or bookmarklet this web page at: