In this episode, Dennis Fisher brings on Rich Mogull of Securosis to talk about the FTC demanding information from PCI assessors. The PCI standard has been in place for more than a decade now, and while it has contributed to raising the level of security, the assessment industry has long been fraught with problems. Rich talks about the conflicts of interest in the assessment process, why nothing has been done about it before, and what the FTC might do with the data it gathers from the assessors. They also talk about the interest the FTC is taking in how many companies that suffered a data breach had gotten a compliant assessment the previous year.
Music by Chris Gonsalves and Ken Montigny.