12/11/2009 -
Successful payment processing security involves more than just compliance with the PCI DSS - it involves best practices for data retention and protection, network security and employee training. All of these practices can - and potentially should - also be applied to other areas of business operations, such as CRM databases, email servers, personnel files and payroll information, said payment processing expert Evan Schuman.
"Overworked IT executives suffering from staff cuts find checklist security quite comforting," he wrote on the McAfee Security Insights blog. "The checklist mentality says that nothing should be done that isn't mandated. And there are no external rules protecting data, beyond payment card, health-related information and some investment data. Is this wise?"
Schuman noted that information such as customer service files stored in a CRM database, customer loyalty tracking information and even payroll information could be valuable targets for hackers, and should be protected with the same rigour as payment processing infrastructure.
However, merchants may need to invest in their payment processing security first and foremost - the Ponemon Institute and Imperva report that just 28 percent of small businesses and 70 percent of large businesses are PCI compliant.





