PCI-DSS – I am certified, therefore I am secure #PCI

Interesting article …

PCI has done a LOT to further security in an industry where information security was never considered a topic worth mentioning. I can remember 5-7 years back when retailers were all about razor-thin margins (they still are – that hasn’t changed), and security to them meant physical security – guards, sensors, cameras – all put in place to prevent stealing or “shrinkage” (in industry parlance). Information Security was a word that was pretty much unknown. Trying to talk about information security to a retailer was a futile exercise that would result in temporary brain damage to a security person. The familiar excuses revolved around lack of budgets and the hilarious “who is going to attack us anyway? – we are not a bank, we don’t have sensitive information – what do we need to protect?”

via Security and Compliance.