PCI: Retailer Security Failures
Council Working to Educate Merchants, Congress on Threats
Troy Leach of the PCI Security Standards Council says data security standards are not failing; they just aren't being applied continuously. And conformance with the Payment Card Industry Data Security Standard is just one piece of the puzzle.
Merchants, in particular, need to spend more time focusing on end-to-end protections, facilitated through encryption and tokenization, Leach says. To that end, the PCI Council is focusing more of its attention on merchant education, and is working to enhance information sharing about emerging malware trends.
During this video interview with Information Security Media Group at RSA 2014, Leach discusses:
- The limitations of chip card technology;
- Why PCI data security standards do not cover all aspects of card-fraud prevention;
- Steps the PCI Council is taking to ensure consumers and businesses continue to have faith in the payments system.
In his role as lead security standards architect for the PCI Security Standards Council, Leach has developed and implemented a comprehensive quality assurance program to promote consistency within the council's QSA, ASV, PA-DSS and PED programs. Before joining the council, Leach led the incident-response program at American Express, where he reviewed more than 300 cases of account data compromises. Over the past 18 years, he has held positions in systems administration, network engineering, IT management, security assessment and forensic analytics.