PCI has come under fire and I have seen many small business circumvent compliance and many others have found holes. PCI is an industry compliance mandate that quite frankly is not a law with teeth forcing all businesses large and small to be in compliance. There is still rampant identity theft even with PCI compliance and many questioned it’s effectiveness in the retail industry.
The US federal government is now taking a lead role and strongly considering making it the law of the land.
George Moraetes, CISM, CGEIT
Information Security Executive