Myth 2: PCI will make us secure
PCI compliance does not mean total security. While it is a reliable first line of defense, breaches remain possible as technologies and attacks change. Ongoing diligence and maintenance are required to keep a network safe.
By John Kindervag
Myth No. 2 is a follow-up to Myth No. 1. Once your client is PCI compliant, they may become complacent, thinking that they are unhackable. Again, PCI is designed to be good, basic, baseline security. It's meant to deter the lazy attacker. It's designed to watch the internal user. Like all security, diligence is required. The PCI audit or assessment you conduct is a snapshot in time. As time passes, it's easy to drift out of compliance or become less secure in some way. The purpose of PCI from a corporate perspective is to meet the "safe harbor" requirements of the PCI standard and thereby mitigate the follow-on risk associated with a breach. PCI compliance is a continual process -- a great foundation for creating information security awareness and building an increasingly strong fortress around an organization's sensitive data.
Five myths of PCI compliance
Introduction to the myths of PCI compliance
Myth 1: PCI is hard
Myth 2: PCI will make us secure
Myth 3: Encryption is scary
Myth 4: "I don't take enough credit cards…"
Myth 5: Product X will make me compliant