We notice you are visiting from a U.S. Internet provider. 
08/03/2010 -
All too often, the motivations behind payment processing security measures are return on investment and total cost of ownership - not security. The fact that many companies prioritize compliance over security is problematic not only because there is more to security than compliance, but also because compliance audits are conducted by humans, and are therefore subject to human error, reported Internet Evolution.
"Security always, always, always requires human involvement in the testing," Lance Miller, principal at IT security website Infosec Island, told the website. "Security goes far beyond checking items off a list. Scans don't cut it. Compliance means your auditor is happy, not a secure network."
To implement effective payment processing security measures, Internet Evolution advised merchants to strategise and plan their business objectives and compliance requirements, assess the current state of their security program, create and enforce effective policies, and conduct periodic reviews of risks and vulnerabilities.
The theory that PCI regulations have made merchants more interested in compliance than security is not a new one, but payment processing experts advise businesses to maintain high security standards year round, not just in preparation for an audit.
