Monday, October 06, 2008

Was Forever 21 wrongly certified PCI compliant?

The risk of being security professionals... I find it shocking and entertaining at the same time that a merchant takes a PCI certification as an excuse for lack of security and responsibility.

Breached clothing retailer Forever 21, which last week said it has been Payment Card Industry (PCI) compliant since 2007, apparently should have never been certified.
The Los Angeles-based company told a retail blog this week that its PCI Data Security Standard assessor failed to unearth tens of thousands of credit card files that it was unknowingly storing despite being unauthorized to do so.

Read the full article: http://www.scmagazineus.com/Was-Forever-21-wrongly-certified-PCI-compliant/article/118739/
