Published on Computing.co.uk at http://www.computing.co.uk/computing/news/2225568/pci-under-fire
Security experts have sharply criticised the new Payment Card Industry Data Security Standard (PCI DSS), describing it as ineffective and immature.
Speaking exclusively to Computing, Alan Calder, chief executive at consultancy firm IT Governance, argued that many firms are still flouting the standard and escaping fines despite the deadline for compliance passing years ago.
"On the one hand it is an exciting global standard, but penalties for non-compliance are still not clear," he explained. "It is not clear that the acquiring banks will levy big fines on companies [because the customer] may decide to go and bank somewhere else."
Calder added that the banks' priorities are often misguided, pointing out that small tier-four vendors are sometimes targeted while larger retailers escape punishment. He believes that PCI DSS may become more effective if it is mandated by law.
Calder also predicted more data loss scandals in central government because "systemic failure cannot be fixed in three months".