First Data CISO Phil Mellinger told a group attending a recent PCI DSS conference that the PCI DSS standards should be eased to allow more businesses to meet them. The rules would rise gradually and reward compliant merchants.
Mellinger, who wrote the precursor to the current PCI DSS rules, also called for a PCI DSS status directory listing compliant merchants. We would like to hear what you think about PCI DSS. We’ve heard complaints from merchants who say the rules are too rigid, while others say different auditors give varying interpretations of the rules.
Will it take another massive data breach for lawmakers to act? Is the private sector doing enough to police itself? Let us know what you think.