Friday, January 25, 2008

99% PCI Compliance?

Via PCIDSS blog we hear that "99% of Level 1 Merchants and 92% of Level 2 Merchants have met compliance or have submitted an approved remediation program."

Is this cool or what?
I bet it is an "or what" :-)

Others say "more than a year after the TJX breach first came to light, only 30 percent of retailers are PCI compliant, according to Sophos’ 2008 Internet Security Report. "

What's the story here? Some numbers are for Visa 'Level 1s' only while others are for all merchants (all levels?), but this is still too big a difference...


Anonymous said...

I think the key phrase here is "have submitted an approved remediation program".

Anton Chuvakin said...

That's EXACTLY what I thought: action claimed/planned =/= action taken....

Thx for the comment!

Dr Anton Chuvakin