Shostack + Friends Blog Archive


PCI Data Available

Interesting information was made available today from VISA about PCI Compliance status for Level 1, 2, and 3 merchants.  Find it as a .pdf >>here<< (thanks to Mike Dahn for bringing it to our notice).

**UPDATE** You may want to check out what Pete Lindstrom has done with that data, in his Blog Post, “Is PCI Working?”

2 comments on "PCI Data Available"

  • Ben says:

    I’m confused… are we supposed to take L2-3 “compliant” numbers at face value? How do we know these merchants are actually compliant? Filling out a SAQ is very easy, but validating those claims is a completely different story, isn’t it?

  • Mike says:

    Ben, we life in a world of bounded rationality and limited information. The stats are based on reported information. Also, these are not “compliance” numbers but rather “validation” numbers.

Comments are closed.