June 19, 2012

Ten Common Myths of PCI DSS

Source: Cayan

The Payment Card Industry Data Security Standard (PCI DSS) is the standard for protecting cardholder data that is stored, processed or transmitted by merchants and processors. PCI DSS specifies 12 requirements that cover many security technologies and business processes, and it reflects most of the usual best practices for securing sensitive information. The resulting scope is comprehensive and can seem daunting, especially for smaller merchants who have no existing security processes and no IT professionals to guide them through what is required and what is not. To complicate matters, some vendors who sell security products or services market their products in a broader context than the PCI DSS requirements alone. As a result, retailers who are new to security may harbor myths about PCI DSS. The PCI Security Standards Council presents ten common myths about PCI DSS to help your business protect cardholder data and comply with the standard.

Myth 1 – One vendor and product will make us compliant

Many vendors offer an array of software and services for PCI compliance, but no single vendor or product fully addresses all 12 requirements of PCI DSS. When marketing focuses on one product's capabilities without positioning it against the other requirements of the standard, the resulting perception of a "silver bullet" can lead some to believe that the point product delivers "compliance," when it really implements just one or a few pieces of the standard. The PCI Security Standards Council urges merchants and processors not to rely on point products for PCI security and compliance. Instead of relying on a single product or vendor, implement a holistic security strategy that addresses the "big picture": the intent behind the PCI DSS requirements as a whole.

Download the document below to read the rest of the myths.