Dark Reading has an article on PCI compliance from the end of last year.
An important paragraph:
“In the cases of the largest data breaches, in 2014 a common point of vulnerability was the exploit of remote access methods to implant malware on systems that store, process, or transmit cardholder data. Frequently the point of malware penetration was back-office PCs supporting the payment system, which may run unpatched operating systems highly vulnerable to malware attacks. These systems often lack the same controls as a payment terminal, such as tamper-responsive detection and other protections for malware in volatile memory.”
“Many organizations lack an effective process to apply PCI DSS”
The article also discusses consistent and effective controls, continuous monitoring of risks, and regular assessments of new threats.
Troy Leach was the author, and he is the Chief Technology Officer for the PCI Security Standards Council (SSC).
I also want to add the opening remarks of FTC chairwoman Commissioner Edith Ramirez at the CES show on the 6th of January.