On the Purpose of Security Standards
An interesting article was published in Information Security Resources, titled: “Payment Card Industry Swallows Its Own Tail”.
The author seems to claim that PCI DSS may not survive for long, because the various stakeholders are too busy blaming each other for security breaches instead of trying to make the ecosystem more secure. Also, organizations that are PCI DSS compliant still suffer from security breaches, which seems to indicate that the standard is ineffective.
There are two questions that need to be asked: