by coredog64
2754 days ago
When we’re talking about the payment card data that was exposed, I thought there was a mechanism to charge companies on risk. My understanding of PCI DSS is that you have regular audits, and if you fail those, the cost charged by card companies goes up. IME, you can get away with quite a lot during the audit. You don’t have to be perfect, you just have to have a plan to fix what was found. I would guess that the breached app was incorrectly classified as not in scope. PCI audits suck, and so there’s a huge incentive to classify your app/system as not in scope. Do agree that the fine structure is what will get action. GDPR has raised the interest in making some improvements in how PII is managed.