Comments on: Dave Hogan doesn’t know PAN

By: Weekend Redux – 08.09.2009 « Security Stallions Blog

Weekend Redux – 08.09.2009 « Security Stallions Blog — Mon, 10 Aug 2009 02:50:23 +0000

[...] Whether of not you’re a fan of PCI it’s always a good idea to know both sides of the story. In that case the post over on Chaordic Mind is some enlightened reading and, if true, makes Dave Hogan (CIO of the National Retail Federation) look like, well, kind of a schmuck. [Dave Hogan Doesn't Know PAN] [...]

By: admin

admin — Fri, 07 Aug 2009 19:43:25 +0000

Cranston, what I find ironic is that the NRF is telling the world that the card brands ate trying to shift risk, when in reality it is the card brands that are trying to protect innocent merchants from the failures of compromised merchants.

The card brands are ostensibly trying to help some NRF merchants from others who suffer data breaches. Instead of helping out his constituency he puts ALL of the blame on others.

I didn’t hear Dave say much about this in his testimony or 60 Minutes spot.

By: Cranston Snoard

Cranston Snoard — Fri, 07 Aug 2009 17:35:27 +0000

Actually, the card companies COULD do more on fraud and could provide means which lower the exposure to merchants.

The card companies can’t use the “we can’t provide a one size fits all solution” excuse for not doing more when they themselves are basically inflicting a one size fits all requirement with PCI DSS.

While a one-size-fits-all solution won’t work, they certinly could try harder to provide some different sizes of solutions based on the current merchant levels.