Article

PCI DSS Compliance Alone Won’t Protect Your Customer Data

Topic: Business NetworkingBy Michael PetersPublished Recently added
No ratings yet900 viewsSign in to rate
PCI DSS compliance is serious business for any organization that processes or accepts major payment cards, including SaaS providers that offer payment processing solutions to their customers. Retailers or payment processors who are found to be in violation of PCI DSS can be fined millions of dollars, and they may even be stripped of their ability to accept major credit cards. However, PCI DSS compliance standards are highly complex, and achieving compliance can be an expensive, tedious process. Not surprisingly, many organizations – already facing budget and staffing constraints – feel that once they have achieved compliance with PCI DSS, they have done everything they need to do to secure their customer data. Their cyber security begins and ends with PCI DSS compliance. After these same organizations are breached, their spokespeople often tell the media -- and the cyber security firms they hire to clean up the mess -- “We have no idea how this could have happened. We were compliant.” PCI DSS Compliance Alone Does Not Guarantee Data Security While PCI DSS compliance reduces the risk of data breaches, it does not eliminate them. Both Target and Home Depot were compliant with PCI DSS when their POS systems were breached, exposing tens of millions of consumer credit card numbers. Target had just gotten its PCI DSS compliance certification only two months prior to the hack. Unlike HIPAA, the healthcare compliance standard that is heavy on documentation and procedures and light on technical specifics, PCI DSS goes into quite a bit of detail regarding best practices that retailers and payment processors must adopt. For example, PCI DSS compliance requires changing default passwords on system components. However, all of these technical details can provide organizations with a false sense of security. PCI DSS does not cover every single security measure every organization must take to protect its data, nor could it do so. Technology is advancing too quickly for any set of standards to keep up. Mobile technology, cloud applications, and Internet of Things (IoT) devices are exploding in popularity, and with each new application and gadget comes a whole new set of vulnerabilities for hackers to exploit. By the time a new set of technical standards was issued, they’d already be out of date. PCI DSS also cannot address the specific risks in every data environment at every organization, and it cannot account for the weakest link in every organization’s cyber security: its people. Human error, negligence, and purposeful malicious activity account for nearly half of all data breaches. That’s why social engineering techniques are so popular among hackers. An organization can be PCI DSS compliant – and then, an employee clicks on a link in a spear phishing email and inadvertently unlocks the front door to the company’s system. Customer Data Security Begins, But Does Not End, With PCI DSS Compliance PCI DSS compliance and data security work together to protect your organization’s data. A compliant organization has the foundation to build out a cyber security plan that addresses the specific risks in its data environment. At the same time, a proactive cyber security plan helps organizations achieve and maintain compliance.

Article author

About the Author

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions. He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.

Further reading

Further Reading

4 total

Article

Introduction There was a time when the call center was seen as a place where phones rang endlessly and agents simply answered questions. That picture has changed dramatically. Today the modern call center sits at the center of customer experience, quietly coordinating returns, managing fulfillment concerns, and shaping how customers feel about every interaction with a brand. Instead of reacting to problems, teams now guide customers through complex journeys. Their role has gr

February 6, 2026

Article

In today’s financial landscape, credit scores play a major role in determining access to loans, housing, and even employment opportunities. For individuals facing late payments, collections, or inaccurate credit reports, rebuilding credit can feel overwhelming. This is why many people turn to professional services for guidance. Among the growing number of Credit Repair Companies in Houston and providers offering Credit Repair San Antonio solutions, White Jacobs continues to

February 6, 2026

Article

Choosing the right POS terminal is more important now than ever. With customer expectations rising and payment methods changing quickly, businesses need a device that works fast, stays secure, and handles different payment types. The PAX A30 is a popular Android POS terminal that has gained attention for its modern design and strong features. In this review, we look at how well it performs in real life, what makes it stand out, and whether it can truly be called the best Andr

January 17, 2026

Article

Installing a rack mount server cabinet is an important task for anyone setting up a server room or a data center. These cabinets are designed to hold servers, networking devices, and other hardware safely and in an organized way. A well-planned installation helps improve airflow, manage cables neatly, and secure equipment, which makes the server room safer and more efficient. Whether you’re setting up a small office server or a larger business data center, knowing how to in

January 16, 2026