Thursday, October 09, 2008

Compliant, Not Compliant OR "Thought to Be Compliant":

Here is a fun bit of PCI trivia. I thought that one can be "compliant" or "not compliant."

Turns out there is a third choice: "thought to be compliant."

The quote is: 'The news is that Forever 21 (a clothing chain) which has been maintaining it was PCI compliant was, er, not. Seems their assessor missed databases containing cardholder data, and the bad guys found them. Those databases got breached. So it looks like their claim to be PCI compliant translates into a big "never mind."'

Dr Anton Chuvakin