Comments on: Stop Complaining and Adhere to PCI http://www.riskbloggers.com/irawinkler/2007/06/stop-complaining-and-adhere-to-pci/ Security Wisdom Ahead of the Curve Mon, 08 Sep 2008 01:23:29 +0000 http://wordpress.org/?v=2.6.1 By: Larry J. Hughes, Jr. http://www.riskbloggers.com/irawinkler/2007/06/stop-complaining-and-adhere-to-pci/#comment-3550 Larry J. Hughes, Jr. Fri, 22 Jun 2007 18:29:47 +0000 http://www.riskbloggers.com/irawinkler/2007/06/stop-complaining-and-adhere-to-pci/#comment-3550 Sounds like another book opportunity for Larry Winget, author of "Shut Up, Stop Whining, and Get a Life: A Kick-Butt Approach to a Better Life" "Shut Up, Stop Whining, and Get Secure A Kick-Butt Approach to Better Security" Sounds like another book opportunity for Larry Winget, author of “Shut Up, Stop Whining, and Get a Life: A Kick-Butt Approach to a Better Life”

“Shut Up, Stop Whining, and Get Secure A Kick-Butt Approach to Better Security”

]]> By: admin http://www.riskbloggers.com/irawinkler/2007/06/stop-complaining-and-adhere-to-pci/#comment-3542 admin Fri, 15 Jun 2007 03:12:31 +0000 http://www.riskbloggers.com/irawinkler/2007/06/stop-complaining-and-adhere-to-pci/#comment-3542 Ultimately the consumer always pays, the money has to come from somewhere to run a business. The question is how much does the consumer pay? It might save a company $1 per customer to have poor information security, but if it costs VISA or AMEX $10 to deal with a stolen credit card then the net cost is much higher (to say nothing of the lost time/etc. for a consumer dealing with this). Unfortunately it's in the companies best interest (legal and fiduciary responsibility to shareholders/etc.) to minimize costs, but perhaps with lawsuits the cost of doing nothing (and getting hosed) will start to outweigh the cost of spending money on good information security programs and processes. One can only hope. Ultimately the consumer always pays, the money has to come from somewhere to run a business. The question is how much does the consumer pay? It might save a company $1 per customer to have poor information security, but if it costs VISA or AMEX $10 to deal with a stolen credit card then the net cost is much higher (to say nothing of the lost time/etc. for a consumer dealing with this). Unfortunately it’s in the companies best interest (legal and fiduciary responsibility to shareholders/etc.) to minimize costs, but perhaps with lawsuits the cost of doing nothing (and getting hosed) will start to outweigh the cost of spending money on good information security programs and processes. One can only hope.

]]>