PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
September 2009

What does PCI compliance really mean?

While PCI has probably helped fund many a security project and infused lots of dollars to security vendors in the last three to four years, why are companies that are PCI-compliant getting compromised? The problem lies in the fact that security professionals and their bosses are still under the false impression that compliance equals security. Interestingly what some originally found as refreshing (clear language and guidance) are now the things that hinder the standard. Because PCI is very prescriptive and lays out exactly what needs to be done, it can lull an organization into a false sense of security. Just look at Hannaford and Heartland Data Systems. Both were PCI-compliant but both were compliant at one particular moment in time. Recently the Heartland Data Systems CEO Robert Carr blamed the QSA for its huge data breach woes. The problem is a seal of approval from an auditor does not in any way shape or form ensure that your organization is secure. Many in the security industry were up in arms over his statements, arguing ...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

Columns in this issue






  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...