Myth 5: Product X will make me compliant
Be wary of vendors who make a product seem too good to be true. There is no product that will make your network completely PCI compliant without any problems. Learn to recognize the white papers that accurately describe their products.
By John Kindervag
Human nature is such that we look for the easy way out of problems. Product manufacturers understand this. Every product manufacturer worth its salt has a white paper on how it will make an organization compliant. Some of these white papers have good, comprehensive information that can help IT staff make responsible decisions related to mitigating gaps in their PCI status. Other vendors overstate their claims and promise much more than they can deliver.
PCI has 12 sections with many details within each requirement that must be met. Unfortunately, no single product, or even a single vendor, can supply all of the "stuff" needed to become fully compliant.
The company that becomes PCI compliant will have a holistic security strategy that focuses much more on the big picture and the intent of the requirements than on individual point products, a focus that will create a management nightmare in the future.
Beware of the overpromising vendor.
Conclusion
The PCI Data Security Standard is neither difficult nor frightening. As you know, it is a positive, measured response to an enormously difficult and dangerous problem. As your client's trusted adviser, you can help them understand the value of compliance.