Re: Do the Payment Card Industry Data Standards ReduceCybercrime?

["Sasha Romanosky" <sromanos () andrew cmu edu>]

Thanks for the tip!

I think "cybercrime" might be too broad of an outcome to practically
measure, but it's a geat question. Oddly, the subcommittee seemed to be
under the impression that full PCI compliance is entirely sufficient to
prevent a breach. I hardly think anyone, especially those from the PCI
council, would make such a claim. 

The other thing I learned is that its really hard to be articulate (and
correct) on the spot when pressed with questions in a house committee
hearing. :) 


The archive video and transcripts are available at: 
http://hsc.house.gov/hearings/index.asp?ID=185 


> -----Original Message-----
> From: dataloss-bounces () datalossdb org 
> [mailto:dataloss-bounces () datalossdb org] On Behalf Of 
> security curmudgeon
> Sent: Tuesday, March 31, 2009 3:08 PM
> To: dataloss () datalossdb org
> Subject: [Dataloss] Do the Payment Card Industry Data 
> Standards ReduceCybercrime?
>
>
>
> ---------- Forwarded message ----------
> From: Anton Chuvakin <anton () chuvakin org>
>
> This is going on right now in live video here 
> http://hsc.house.gov/about/schedule.asp , BTW.
>
> "*Tuesday, March 31, 2009 @ 2pm*
> *311 Cannon House Office Building*
>
> Subcommittee on Emerging Threats, Cybersecurity, and Science 
> and Technology Hearing
>
> *Do the Payment Card Industry Data Standards Reduce Cybercrime?*
>
> *Witnesses:*
> Rita Glavin, Acting Assistant Attorney General, Criminal 
> Division, Department of Justice Robert Russo, Director, 
> Payment Card Industry Data Security Standards Council Joseph 
> Majka, Head of Fraud Control and Investigations, Global 
> Enterprise Risk, Visa Dave Hogan, Senior Vice President and 
> Chief Information Officer, National Retail Federation Michael 
> Jones, Chief Information Officer, Michaels Stores Inc.
>
> The hearing will examine the effectiveness of the Payment 
> Card Industrys Data Security Standards, which are security 
> requirements for all businesses that store, process, or 
> transmit cardholder data.  These standards were established 
> to reduce the number and size of data breaches, the proceeds 
> of which may be used to fund terrorist activity."
>
> Live twitter coverage: 
> http://search.twitter.com/search?q=%23pcihearing
>
> Ah, some would ask what is the score so far: Committee:1, PCI: 0 :-(

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently 
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss