PCI DSS 2.0: Anton Chuvakin, PCI compliance expert, on what 2.0 means, Part 2

Posted: November 17, 2010 in Expert Q&A, Industry Commentary, PCI

VPN Haus continues its conversation with PCI compliance expert Anton Chuvakin about the latest updates to PCI DSS 2.0, issued late last month.

VPN Haus: Do the new standards leave too much open to merchants’ interpretation?

Anton Chuvakin: This is really a $1 million question and only practice will tell. I think the 2.0 version leaves less than before to interpretation. For example, virtualization was a big question mark in many merchants’ minds and now it is resolved. Many other questionable and debatable points are clarified, but I am sure merchants would come up with more excuses as PCI DSS 2.0 is implemented in practice.

VPN Haus: Do you think pushing the DSS lifecycle from 24 months to 3 years will stagnate the rate of change? Or will it allow more time to investigate and build support around necessary changes?

Chuvakin: Well, I will side with [PCI General Manager Bob Russo] on this one: PCI DSS is getting mature enough to not need change that frequently. While some assault the standard as “not being dynamic,” in reality doing what PCI DSS prescribes and doing it well, by following the spirit and not only the letter, will equip organizations for dealing with today’s and – in my opinion – tomorrow’s threats. For example, the recent Verizon PCI report showed that compliant non-organizations seem to fare worse, which indirectly confirms that PCI DSS in its current form helps reduce the risk of data theft.

See previous interviews VPN Haus did with Chuvakin on PCI compliance here and here.
