http://www.paymentsystemsblog.com/2008/11/06/a-pabp-compliance-press-release-that-raises-some-concerns/ David D. Bergert Sun, 11 Apr 2010 04:11:23 +0000 http://wordpress.org/?v=2.9.2 hourly 1 http://www.paymentsystemsblog.com/2008/11/06/a-pabp-compliance-press-release-that-raises-some-concerns/comment-page-1/#comment-676 Carl Willem Thu, 13 Nov 2008 08:53:21 +0000 http://www.paymentsystemsblog.com/2008/11/06/a-pabp-compliance-press-release-that-raises-some-concerns/#comment-676 I have seen alot worse from Trustwave then approving Windows 98 systems with cardholder data. Several databases containing unencrypted cardholder data, sensitive authentication data stored post authorization, no working processes and routines and so on is not uncommon to have passed an audit by Trustwave. I have a friend that has performed alot of forensic investigations regarding card fraud and none of them have been even close to compliant and Trustwave was the assessor in all cases. It might just be a coincidence that Trustwave have come up in these cases but I belive the QSA's needs to step up if PCI DSS is gonna survive. I have seen alot worse from Trustwave then approving Windows 98 systems with cardholder data. Several databases containing unencrypted cardholder data, sensitive authentication data stored post authorization, no working processes and routines and so on is not uncommon to have passed an audit by Trustwave. I have a friend that has performed alot of forensic investigations regarding card fraud and none of them have been even close to compliant and Trustwave was the assessor in all cases. It might just be a coincidence that Trustwave have come up in these cases but I belive the QSA’s needs to step up if PCI DSS is gonna survive.

]]>