As you can see on my barely updated LinkedIn page, I’ve been a CISO for many years.
Since 2013, I’ve seen many different merchant profiles.
Sadly, I also saw many data breaches, and more specifically cardholder data breaches.

Most of our customers back then got hacked through a variety of means, the most popular being unpatched CMSes.

They all shared a glaring, unforgiving trait: PCI-DSS requirements were not being followed.

What impact are you looking at?

In some cases merchants believed in good faith they were not supposed to carry out this or that task.
In other cases they were quite happy to brandish the “I didn’t know” argument (which afforded no practical defense whatsoever, let it be known).
In yet other cases it was plain reckless disregard for the rules.

Either way, I saw merchants get burned: payment schemes fined them between $5 and $10 per stolen card and upgraded their PCI-DSS requirement to Level 1, which requires a yearly on-site audit regardless of processed volumes.

