Talk:Payment Card Industry Data Security Standard

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

Archives (Index)

This page is archived by ClueBot III.

Wiki Education Foundation-supported course assignment[edit]

This article was the subject of a Wiki Education Foundation-supported course assignment, between 30 October 2018 and 11 December 2018. Further details are available on the course page. Student editor(s): Gl1147. Peer reviewers: Gl1147.

Above undated message substituted from Template:Dashboard.wikiedu.org assignment by PrimeBOT (talk) 06:17, 17 January 2022 (UTC)[reply]

Improve the page[edit]

Chapter: Compliance in call centers[edit]

This chapter has multiple issues. The style is not Wikipedia-like, formatting appears to be not finished (the chapter finishes in the middle of a sentence). The subject, discussed appears not to be really important to get space in the PCI DSS Wikipedia page (at least I do not see studies or sources substantiating this hypothesis). In short: my suggestion is to delete this chapter. Comments and feedback appreciated.

  • I replace this chapter with a chapter on "Risk management to protect cardholder data"

ScienceGuard (talk) 10:58, 2 October 2018 (UTC)[reply]

Chapter: Controversies[edit]

This chapter is important if it can be described from a generalized point of view. However, the current chapter only gives annecdotal evidence. Does anybody know sources providing a holistic view on controversies?

ScienceGuard (talk) 10:54, 4 September 2018 (UTC)[reply]

Promotional Sources Removed[edit]

I deleted the sources flagged as promotional. ScienceGuard (talk) 09:21, 18 May 2021 (UTC)[reply]

Removal of section "Risk management to protect cardholder data"[edit]

While I generally try to WP:BEBOLD, I think the removal of this section requires some notice. There's a number of problems with the inclusion of this section that, in my opinion, warrant full removal. Absent any other comments, I will eventually remove this. Here's my justification.

The section starts talking about risk management. Risk management programs are defined under requirement 12, but instead the article discusses requirement 3, which is about controls protecting *stored* data. It also seems to be fixated on HSMs, which are are relevant generally for PCI, but are not discussed at all in the PCI DSS. Finally, the risk management "steps" do not coincide remotely with what exist under the req 12 risk management processes.

Those are the basic problems with what exists currently.

But in the end, the larger reason I think this should be removed, is that it picks one/two specific detailed areas to focus on in terms of the actual requirements, while the rest of the article only discusses high-level issues. From my standpoint, it's not feasible (without more editor interest) to get into detailed discussions about particular PCI DSS requirements, so we should stick with a high-level discussion instead.

DoubleRelevance (talk) 07:24, 15 August 2023 (UTC)[reply]

The lack of independent sourcing makes the section even more dubious. — BillHPike (talk, contribs) 17:54, 17 August 2023 (UTC)[reply]
I've gone ahead and removed the section. I'll also comment, sourcing is a problem with this topic in general, because essentially you can only find primary sources or non-independent secondary sources for support of the content. The PCI Council promulgates the rules, and certifies companies to be authorities on the interpretation of the rules (though card brands and merchant banks are also authorities). So under Wikipedia rules, most secondary sources get reverted immediately for not being independent. Which I'm not saying is bad or wrong, it's just an unfortunate effect of the system under which the PCI DSS operates. DoubleRelevance (talk) 02:57, 2 September 2023 (UTC)[reply]
Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:Payment_Card_Industry_Data_Security_Standard&oldid=1209670602"