What I had suspected in January is that the Target breach was a failure of process and not a failure of technology or any new previously unknown risk. It’s a conclusion that Bloomberg Businessweek came to, as well.
You see, the reality is that all modern IT payment infrastructure needs to comply with the Payment Card Industry (PCI) Data Security Standard (DSS. PCI DSS includes multiple layers of security technology and processes. While PCI DSS might not be perfect, it does work, and at one point in time, Target was PCI DSS-compliant.
Read the full story at eWEEK:
Preventing Target’s Troubles: Locking the Door Against Data Breaches
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.