Since I reported that Heartland had their PCI compliant status suspended, I think it’s only fair to report that they’ve been revalidated as of May 4th.
Whether or not they were compliant during their ongoing six-month breach is anyone’s guess. They continue to claim that they were. The PCI Security Standards Council is sticking to their story that no compliant entity has ever been breached. I won’t say one of them is fibbing, but they certainly can’t both be right.
One thing I think we can count on is that Version 1.3 will come as a result of this. Neither party will tell us the real deal. Doing so would probably reveal that the Standard has at least one hole in it.

