According to a recent report from vendor SecurityMetrics, about seven out of 10 merchants have unencrypted credit card data storage, a practice strictly prohibited by the PCI DSS. PCI DSS compliance isn't new, so why does this still happen? What are the most common areas where merchants inappropriately store card data?