"Give PCI the bullet"
8 May 09: A new Online Banking Review column.
"PCI compliance will reduce accidental breaches and fend off amateur attacks. But PCI can do little to thwart inside jobs, nor organised. The rewards to be gained from credit card fraud are so now enormous that no amount of security policy or conformance audit can defeat cyber criminals. So the PCI security regime was always going to be a losing battle: an expensive endless loop of collecting ever more personal data to verify identity, and then needing to safeguard it all against theft. It’s like putting out fire with gasoline."