The following is my bitch about the PCI Security Standards Council.

“Hey..WTF?”, you may say, “Draz, you have been a huge supporter of PCI DSS for a long time!…We always see you in the press being quoted on the positives of PCI DSS and we read stuff in Beast or Buddha all the time about your positive thoughts on it!”…..Yeah, I have been, but my patience/interest with the “governing” body is in some serious problems! Where do I start…no particular order:

1. Their care factor in Asia Pacific is small. Fair enough, the US market is far larger, but to only run 1 cert and re-cert per year in all of Asia Pacific is hard. Most of us have to travel 8-10 hours on a plane plus the expenses to do it. (Talking about Australia). Forgetting the cost factor – compare that to the number of courses in the US. At least give us 2-3 more options if you are serious about this being a global program! Don’t then tell us that much of the CC fraud problem stems from this region and this region lags behind the US in terms of business compliance with PCI DSS.

2. Personal: I have spent the last 2,3,4 months….I’ve lost track of how long I have been trying to explain to them that Security-Assessment.com Australia/Asia Pacific has renamed to Securus Global and could our details be updated on their site. I’ve done all they have asked and all that has happened is that we’ve gone around in circles. So now, their biggest supporter here is not even registered as a QSA – even though paid up on the large yearly fee! I won’t go into detail of the BS that has gone on to the detriment of both SG and SA in recent weeks.

3. Who is running the show? Has the Payment Card Industry outsourced all accountability and ownership?



  1. Accountability-Spoton! says:

    As a newbie here, I take your word for your commitment to PCI but I don’t doubt it. Give me time to read the PCI categories.

    Your comments though are blunt and what most seem too scared to say just in case they upset the people that certify them! It must be the Aussie mentality and way! My full support from anon.

  2. Ex-CTMan says:

    It’s all a game as we know. You may well DD pull out and some bunch of monkeys come in and take your business. Seems like, not that it is a surprise, the “INDUSTRY” could not care less!

    You are being too nice!

  3. VISA MAN says:

    Same IP response, different man….Seems like the success rides on what SG recommends!

  4. BG's 3rd Love Child says:

    Why did you even bother DD?

  5. QSA says:

    The council is a bunch of BS!

  6. Seems a bit of noise works and in the last 12 hours have had some awesome support from a few fronts – Visa in AP, Mike in the US (QSA Trainer) so hopefully some things may change in the next few days! I hear that a cert and re-cert may now also take place in Australia.

  7. Awesome….council tells me the cert and re-cert course is on now in Sydney in June! Thanks Mike, Visa and people who supported this here and elsewhere!

  8. Ayn Rand says:

    Vendor Safe Technologies sux. (PCI DSS for restaurants)

  9. [...] because of how they operate. Before I rant, let me start with this from a couple of weeks ago; my last rant about them. Interesting responses! Also thought it was finally getting better at the end. Little did I [...]