Five myths of PCI compliance
With high-profile credit card breaches such as the TJX debacle in the news, the PCI Data Security Standard is top of mind for corporate IT executives.
Unfortunately, with the buzz comes a new mythology.
PCI is often misunderstood, causing confusion among those who must comply with the standard. This has resulted in numerous myths that value-added resellers (VARs) and service providers are likely to hear from clients. Let's look at five common myths surrounding PCI compliance to help you set the record straight.
Five myths of PCI
Introduction to the myths of PCI
1: PCI is hard
2: PCI will make us secure
3: Encryption is scary
4: "I don't take enough credit cards…"
5: Product X will make me compliant
About the author
John Kindervag is a 20-year veteran of the high-technology world. He is the senior security architect for Vigilar Inc., where he helps corporations design secure networks and manages Vigilar's Vulnerability Assessment and Compliance Practice. Kindervag holds a Bachelor of Arts degree in Communications from the University of Iowa.
This was first published in August 2007