Comments on: Why PCI Has Not Reduced Fraud http://www.storefrontbacktalk.com/securityfraud/why-pci-has-not-reduced-fraud/ Techniques, Tools and Tirades about Retail Technology and E-Commerce Fri, 19 Mar 2010 23:24:36 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: joel weise http://www.storefrontbacktalk.com/securityfraud/why-pci-has-not-reduced-fraud/comment-page-1/#comment-61933 joel weise Thu, 18 Jun 2009 15:06:41 +0000 http://www.storefrontbacktalk.com/?p=3190#comment-61933 I think this position is hard to quantify with respect to an actual security ROI - PCI s/b viewed within the context of a larger defense in depth strategy (and especially collectively for the community at large). as such and with any batch of stats one can argue both ways - I for one see value in PCI - if and when it is applied correctly, i.e., when driven by a risk based approach. I think this position is hard to quantify with respect to an actual security ROI – PCI s/b viewed within the context of a larger defense in depth strategy (and especially collectively for the community at large). as such and with any batch of stats one can argue both ways – I for one see value in PCI – if and when it is applied correctly, i.e., when driven by a risk based approach.

]]> By: Tom Mahoney http://www.storefrontbacktalk.com/securityfraud/why-pci-has-not-reduced-fraud/comment-page-1/#comment-61894 Tom Mahoney Thu, 18 Jun 2009 02:26:00 +0000 http://www.storefrontbacktalk.com/?p=3190#comment-61894 I'm having a problem getting my head around the concept that PCI reduces fraud for the merchant in compliance. Maybe in a remotely peripheral sense if a few of the hacked cards resulting from non-compliance are used against the merchant from whom they are stolen. I don't see any other ROI for an individual merchant unless they are breached and were not in compliance. Then, the ROI in the form of avoided fines can be significant. I'm not against PCI compliance and I'd agree that overall it can certainly reduce fraud collectively for the merchant community. But to say that it will reduce fraud for the merchant in compliance is a stretch. Tom Mahoney, Director Merchant911.org I’m having a problem getting my head around the concept that PCI reduces fraud for the merchant in compliance. Maybe in a remotely peripheral sense if a few of the hacked cards resulting from non-compliance are used against the merchant from whom they are stolen.

I don’t see any other ROI for an individual merchant unless they are breached and were not in compliance. Then, the ROI in the form of avoided fines can be significant.

I’m not against PCI compliance and I’d agree that overall it can certainly reduce fraud collectively for the merchant community. But to say that it will reduce fraud for the merchant in compliance is a stretch.

Tom Mahoney, Director
Merchant911.org

]]>