16/03/2010
Many payment processing industry players blame the PCI DSS for leading organisations to prioritize compliance instead of security. However, the PCI DSS is not to blame, as there is no such thing as complete security, said a recent article. According to PCI Guru, organisations should not expect full protection from payment processing security threats under the PCI DSS - or under anything else, for that matter, as even the most thorough security measures do not eliminate risk.
"Security only reduces or minimizes risks; it does not remove them all," said PCI Guru. "Yes, some risks may be eliminated when proper security practices are implemented. Nevertheless, for the most part, some security risks will always remain, regardless of the security measures put in place. Proper management of these remaining security risks should minimize the risks as much as possible."
The article dubs this the "99-1 rule," in which security measures prevent 99 percent of attacks, but there is 1 percent of dedicated attackers that will cost "too much time, resources and effort" to eliminate.
Still, ensuring payment processing security as best as possible is essential for companies whose merchant services include debit and credit card processing, PCI Security Standards Council general manager Bob Russo recently reiterated in an interview with Bank Info Security. He noted that payment processing security should be "built into your DNA."





