Posts Tagged ‘PCI DSS’

2009 DBIR: PCI DSS

Tuesday, April 14th, 2009

Start or join a conversation about the PCI DSS and you’re going to get a broad range of opinions on the subject. It can be a sensitive topic that people tend to get very passionate about.

We were glad to be able to include a section in this year’s report and we hope you are finding the results informative and useful.

We’ve put up this blog post for your opinions on the data and questions concerning the data. You might also want to check out what others have been writing about the PCI information in the DBIR. A couple that I enjoyed:

Anton Chuvakin on his blog >>here<<

and

Martin McKeay (of the excellent Network Security Podcast fame) on his blog >>here<<.

There’s nothing wrong with the PCI DSS

Monday, April 6th, 2009

I’ve been reading, with no small amount of interest, about the congressional hearings surrounding the Payment Card Industry Data Standards (PCI DSS) that took place on March 30th. Over the last six months, various incidents and data breaches have renewed discussion about the Payment Card Industry’s Security Standards Council and the value of PCI DSS. It all came to a head on Tuesday in various testimonies given to the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology (or ‘SETCAST’ – see http://www.homeland.house.gov/hearings/index.asp?ID=185). I thought I’d take the opportunity to write my first blog post for Verizon Business to discuss why I think the PCI DSS is just fine.
