[attrition] rant: PCI: A Brand, Not a Security Standard

lyger lyger at attrition.org
Sat May 9 03:19:50 UTC 2009


http://attrition.org/security/rants/pci/heartland01.html

Fri May 8 21:09:02 EDT 2009
security curmudgeon

I am so fed up with this entire ordeal. As a customer who was twice 
affected by Heartland's security breach (two different cards through two 
institutions were re-issued because of the breach), I am disgusted with 
Visa and Heartland. PCI and its cheerleaders make me angry.

Visa is a PCI fan because it transfers risk to their customers, and 
removes liability from Visa. It's in their best interest to maintain the 
integrity of PCI at any cost, even when that cost is violating their own 
integrity. How can anyone sit back and groan about this ordeal without 
getting mad? Visa, PCI and Heartland are as bad as Enron, as bad as the 
Wall Street thugs who tanked the economy, and are nothing more than 
wealthy criminals.

I have asked Visa to comment on specific aspects of this. Attrition has 
had calls in to Heartland to comment on points of confusion and question. 
We sit here, unsatisifed, without answers and wondering why either can 
stay in a position of financial power.

[..]


More information about the attrition mailing list