In this book I have been a strong advocate of the PCI DSS integrated data security controls framework, its strong heritage built from other industry security controls and its effectiveness to defend your business against your ever-present threats. I am still amazed to hear of those payment card security businesses who
Bury their heads in the sand (ignoring their obligations to safeguard payment card data processing operations)
Merely regard PCI DSS as a tick box approach
Do not see any business benefits (return on investment (ROI))
Don’t perceive themselves to be of interest to the opportunist attackers
