Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

New Credit Card Breach Will Test PCI

The latest exposure of more than 4 million credit and debit card numbers may strain the validity and stability of the credit card industry's controversial security rules.
Yesterday the Hannaford Bros. grocery chain announced that more than 4 million customer credit and debit card account numbers were exposed. Hannaford Bros. also happens to be in compliance with the credit card industry's security rules. (Scroll to the bottom to read the PCI compliance statement.)

The Payment Card Industry Data Security Standards (PCI DSS) were put in place by the major card brands -- including Visa and MasterCard -- to ensure that retailers take sufficient steps to protect customer card data.

The card brands, particularly Visa, have a vested interest in demonstrating that PCI makes customer card data more secure. If a PCI-compliant retailer still gets breached, that's a lot of egg on Visa's face.

So what happens next?

First, the card brands will likely conduct an investigation to determine if the retailer was compliant at the time of the breach. As I wrote in a recent cover story, the PCI standards are vague enough that the card brands can probably find enough cause to determine that Hannaford Bros. was, in fact, noncompliant at the time of the breach.

  • 1