The Payment Card Industry Data Security Standard (PCI DSS) has been around for more than a decade, but that doesn’t mean there aren’t plenty of compliance myths about data security still floating around infosec. Some of the most pervasive myths involve organizations believing they don’t need to comply, believing compliance is too difficult, believing compliance is not an ongoing obligation, and believing that compliance automatically ensures the security of their data.


Myth 1: I’m Too Small to Worry About Compliance

One of the most universal myths about PCI DSS is that many merchants believe they are too small or process too few transactions to worry about being PCI compliant. The truth is, every organization that processes, stores, or transmits cardholder data is responsible for compliance. Even if only a single credit card transaction is processed each year, PCI compliance is still required. Businesses using third-party processors are required