How many really comply with PCI-DSS?
Having actually read the PCI-DSS standards I find it hard to believe that everyone who stores card data actually complies. Hole in the wall outfits will often store such data in Word or Excel files or on bits of paper and larger outfits will store them in proper systems but without encryption. Doubt many chief execs or even information officers even know what PCI-DSS is.
Biting the hand that feeds IT
