Here's an interesting new tidbit: apparently, CardSystems had been certified to comply with the Payment Card Industry Data Security Standard (PCI). They were audited, found to be in compliance, but were operating out of compliance in a manner contrary to the regs. According to the PCI, these folks should be fined for non-compliance. So will they be?
CardSystems will be an interesting case study and will establish a precedent for the PCI in future: will there be fines against CardSystems and thus set the precedent of enforcement, or will there be no impact to CardSystems and thus set the precedent that the PCI (like the CISP) is a paper tiger. So far, the (lack of) reaction from MasterCard has been pretty telling; maybe Visa will have something more to offer than MC's finger-wagging.
Posted by Ed at June 23, 2005 10:36 AM