It's fair to say that organizations have had ample time to achieve an acceptable level of compliance to the Payment Card Industry Data Security Standard (PCI DSS), but what we often see is pushback from the board level when it asks for clear-cut justification for PCI investment. Other times, the pushback comes from within the IT department, which is seeking to avoid the perceived disruption that implementing PCI will cause. Add to this scenario the anecdotal feedback that while acquiring banks promote the need for PCI, they seldom have the focus and continual drive to monitor the status of compliance, making it all too easy for merchants to carry on just as they are. Regardless of where the resistance or inertia comes from, the consensus is that adopting PCI DSS is a sensible thing to do from a security perspective. But like so many things in life, the common-sense view is outweighed by the perceived pain of achieving it.
展开▼
