TOPICS >> PCAOB | Encryption | GRC | PCI DSS | Internal Audits | Data Loss Prevention | Sarbanes-Oxley
Fraud management and PCI
The PCI-DSS has taken its lumps as of late, but not without reason. I think it's fair to say that the standard has carried some overblown expectations from the start. A former Gartner analyst notes: "For E-Commerce merchants, the decision whether to cancel potentially fraudulent transactions had been made based on AVS (address verification), CVV (card verification value), velocity checks, Verified by Visa, MasterCard SecureCode, and other, newer transaction analysis tools, rather than based on PCI mandated system logs, access control records, or any of the system monitoring tools."
That's not to say the PCI data has not been valuable. PCI controls can help in catching cases of internal fraud. For some this state of affairs is an opportunity. "There is a real need for fraud analytics that integrate PCI controls and are designed specifically for the fraud management department, rather than for the IT management department."
For more:
- here's the analysis
Related Articles:
Time to go beyond PCI?
New PCI standard points to data security needs
Is end to end encryption the answer?
Comments
Post new comment
Home
| Subscribe | Advertise | Mobile Edition | RSS |
Privacy
| Site MapTHE FIERCEMARKETS NETWORKFierceFinance | FierceFinanceIT | FierceComplianceIT | FierceHealthcare | FierceHealthFinance | FierceHealthIT | Hospital Impact | FierceMobileHealthcare | FierceCIO | FierceCIO:TechWatch | FierceContentManagement | FierceMobileIT | FierceGovernmentIT | FierceBiotech | FierceBiotech Research | FiercePharma | FierceVaccines | FierceBiotechIT | FiercePharma Manufacturing | FierceIPTV | FierceOnlineVideo | FierceTelecom | FierceVoIP | FierceBroadbandWireless | FierceDeveloper | FierceMobileContent | FierceWireless | FierceWireless:Europe© 2009 FierceMarkets, Inc. All rights reserved. |
 |