As breaches continue to happen, the adage of "not if, but when" continues to ring true. The following 9 myths regarding PCI compliance are worth a review as many organizations allocate funds to cybersecurity spending.


Myth 1. PCI compliance is not worth our time as an organization.

As more and more organizations, and even the tech industry itself, move toward a risk-based approach, the notion of annual reporting on cybersecurity and technology risk is not far off. PCI DSS requires organizations to regularly test security processes and systems. Though this is a challenge, PCI compliance audits may help organizations as they make decisions regarding technology and risk.

Areas to address include:

  • Network Security: Non-firewalled connections are a risk. Restrict access to only those who need it.
  • Data Storage: Stored data is always a vulnerability. Keep data retention to a minimum.
  • Application Security:  Does one application (Read more...)