The truth behind the Wonga breach

by Ben Oguntala, PCI Technical Design Authority

I design PCI compliance solutions for clients specifically to prevent them from getting into the situation that Wonga now finds itself in. Here is my analysis and opinion on why clients need to look beyond the tick-box exercise of PCI compliance. There is no such thing as 99% in PCI compliance: you are either 100% or 0%, nothing in between. Any money you spend on PCI compliance without reducing the likelihood of a breach occurring is equivalent to doing this.

All payday loan applications are vulnerable, primarily because they are all based on the same architecture, are in some cases sourced from the same application development companies, and are the components that take the card payment from end users. Wonga's PCI problems emerge from the fact that it masks PAN data, displaying only the last 4 digits. I intend for this article to explain why this is a bad idea that none of the current PCI compliance checks would have picked up, and why my technical design solution would have spotted this a mile off and fixed it: not that it would have prevented the data loss, but the problem would not have become an ICO and PCI Council problem.