White Papers for Federal Financial Institutions Examination Council (FFIEC)

The PCI Data Security Standard:

Tripwire

A major advertising campaign by Visa states that the card is accepted “everywhere you want to be.”
Unfortunately (and through no fault of Visa),a great deal of credit card data and other sensitive information
has ended up in a lot of places that people would rather want it not to be.It seems that not a day goes by
without reports of a high-profile credit card or credit data loss or compromise. The Washington Post has
dubbed 2005 “the year of the data breach.”
Unfortunately,these events are usually followed by calls in the press and government for additional data
protection legislation. Representative Edward Markey of Massachusetts cited the infamous CardSystems,
Inc. security breach (causing the theft of up to 40 million credit card records) as an event that “only under-
scores the need for new federal legislation to protect American consumers .” The rash of data loss and
compromise incidents even caused the CISO one of one of the victimized companies to remark that “Intervention is good … but the toughest part about legislation right now is you don't know where it's coming from and you don't now that you expect as CISP,or the Cardholder Information Security Program,Providers that handle Visa payments or card data.American Express, Diner’s Club,Discover,based on CISP,service providers that handle,transmit,card data,were required to be compliant with PCI as of June 30,2005.
In September 2006,for failure to comply.

View the White Paper

Share or bookmarklet this web page at: