Episode 6

Why Compliance Makes You Vulnerable

Setting your target as compliance with a security standard like PCI-DSS or SWIFT-CSP means you are accepting an older standard as your minimum. In this podcast, Craig Jeffery interviews Mark Cuneo, a card security expert from CardConnect, a First Data Company, to explore why that target is a problem and what the proper security viewpoint should be. Listen in to this conversation at strategictreasurer.com/podcast or from wherever you normally download podcasts.


Time Discussion Topic
0:54 Why does compliance make you vulnerable?
3:50 Instances of card breaches where the companies were compliant
5:44 Known and unknown threats and your ability to respond
9:10 PCI time from publishing standard to compliance requirement
9:42 What should be done to better protect your company and data
10:20 Importance of guidance
13:17 Hardware to Education of your professional staff
14:41 Tokenization explained from the view of the thief
18:47 Point to point encryption
20:56 Vulnerability examples: HVAC, Defense Department
22:07 Card theft and PII theft