Brian Tokuyoshi - Product Marketing Manager
One of the problems of the Payment Card Industry Data Security Standard is that it will never reach a state of completion. That’s because PCI DSS it defines protections against known security risks, and then maps out a list of things that it must do to meet the minimum requirement for an acceptable level of security.
The goals of PCI DSS are noble, for it establishes practices for handling of sensitive data, and thus ensures security experts address the issues that can’t be taken for granted anymore.
The problem, though, is that PCI DSS sets up the requirements in a way that creates checklists of technology to deploy, which prescribes protection against the known threats. You can’t prescribe...