As someone who has worked with PCI compliance, I'm not sure I'd say it's a great example.
Sure, it's better than nothing, but it's also relatively trivial to bypass, and is done so regularly. I think the governing organization should have much sharper teeth.
That's not to say that self-regulating won't work, but I don't think PCI is a great example of it in action.
Sure, it's better than nothing, but it's also relatively trivial to bypass, and is done so regularly. I think the governing organization should have much sharper teeth.
That's not to say that self-regulating won't work, but I don't think PCI is a great example of it in action.