http://www.pciknowledgebase.com/index.php?option=com_mtree&task=viewlink&link_id=1366&Itemid=0As a banker who has been involved in audit and risk management for 20+ years, I have a beef with PCI. Too many have lost sight of goal which is to reduce the risk of security breaches and card fraud. Assessors often just focus on the words in the standard. They do not understand WHY the standard was written, or the risk built into it. We have removed the acceptance of risk as an option by insisting on 100% compliance. That was not the intent.
“The best method to protect data from hackers is to delete it”PCI Compliance book http://www.pcicompliancebook.info/