Myth 2: PCI will make us secure

PCI compliance does not mean total security. While it is a reliable first line of defense, breaches remain possible as technologies change. Ongoing diligence and maintenance are required to keep a network safe.

By John Kindervag

Myth No. 2 is a follow-up to Myth No. 1. Once your client is PCI compliant, they may become complacent, thinking that they are unhackable. Again, PCI is designed to be good, basic, baseline security. It's meant to deter the lazy attacker. It's designed to watch the internal user. Like all security, diligence is required. The PCI audit or assessment you conduct is a snapshot in time, and as time passes it's easy to drift out of compliance or become less secure in some way. From a corporate perspective, the purpose of PCI is to meet the "safe harbor" needs of the PCI standard and thereby mitigate the follow-on risk associated with a breach. PCI compliance is a continual process: a great foundation for creating information security awareness and building an increasingly strong fortress around an organization's sensitive data.

Five myths of PCI compliance

  Introduction to the myths of PCI compliance
  Myth 1: PCI is hard
  Myth 2: PCI will make us secure
  Myth 3: Encryption is scary
  Myth 4: "I don't take enough credit cards…"
  Myth 5: Product X will make me compliant

About the author

John Kindervag is a 20-year veteran of the high-technology world. He is the senior security architect for Vigilar Inc., where he helps corporations design secure networks and manages Vigilar's Vulnerability Assessment and Compliance Practice. Kindervag holds a Bachelor of Arts degree in Communications from the University of Iowa.
