One of the most important lessons I try to teach any newcomer to Cyber Security is that compliance does not mean security. In fact, compliance often creates a false sense of security.
Major retailers recently hit by point of sale malware were PCI compliant. This means their systems met payment card industry standards for security. And yet, their point of sale systems were still compromised by malware, putting customers' personal information at risk. I previously covered this problems with PCI compliance.
Unfortunately, even though most consumers have now been issued EMV chip credit cards, many businesses still aren't ready to accept them, and those that do are only requiring signatures, not PINs.
Oh, and did I mention that 95% of the world's ATMs are still running Windows XP?
These are just a few examples of problems consumers face when trying to protect themselves from identity theft or credit card fraud.
If you haven't signed up for identity theft protection, now would be a good time.
No comments:
Post a Comment