PCI DSS is 'ineffective and immature' 

A company has spoken out against the proliferation of the Payment Card Industry Data Security Standard (PCI DSS), calling the system underdeveloped and lacking effect.

In an interview with online resource Computing, Alan Calder of consultancy firm IT Governance highlighted the drawbacks of the scheme, noting that the standard's rules are susceptible to flouting even though they were set in stone years previously.

He added that much of the problem was down to PCI DSS not being governed by a legal mandate, as larger retailers were escaping punishment and "tier-four" users were targeted instead.

Mr Calder added: "On the one hand it is an exciting global standard, but penalties for non-compliance are still not clear.

"It is not clear that the acquiring banks will levy big fines on companies [because the customer] may decide to go and bank somewhere else."

Back in June, vnunet.com noted that new information security guidelines enforced on the PCI from June 30th did not address the threat of insiders.