Put another way, if everyone keeps saying that being PCI compliant does not mean being secure, where exactly does PCI compliance fail?


One major difference is that PCI compliance does not cover security breaches involving anything other than credit card data.

Breach notification law, by contrast, covers security breaches of Personally Identifiable Information (PII) in general.


The PCI DSS cannot possibly address every type of organization that runs credit card software on its computers or uses card processing terminals. Although the best way to safeguard card transactions is end-to-end encryption within a segmented network, that may not be how your network is built.

Even if you apply all the PCI compliance best practices, your employees may still succumb to phishing attacks, or malware may evade your anti-virus or intrusion prevention systems.

Your computer security training program should go further than the training PCI compliance requires.


The IT governance framework used in ISO 27001 is more comprehensive than PCI compliance.


Scoping a PCI DSS assessment is not the same as scoping an ISO 27001 assessment.

When doing a risk assessment for ISO 27001, all attack vectors (risks) have to be considered.

Identify your weaknesses and your controls, then review and measure them.


Contact Us to help you scope and review your compliance and security needs.


By zafirt

One thought on “Where does PCI Compliance Fail?”
