Sounds like there's a lot more going on out there than the payment industry and law enforcement have nailed down and are prepared to talk about.
In the meantime, Global Payments – which was PCI compliant at the time of its breach – is no longer PCI compliant, and was delisted by Visa. Yet they continue to process payments.
What's the takeaway on PCI? The same one that's been around for years. Passing a PCI compliance audit does not mean your systems are secure. Focus on security and not on passing the audit.
This article was originally published on the Gartner website, and is used by permission. Avivah Litan is a vice president and distinguished analyst in Gartner Research. Her areas of expertise include fraud detection and prevention applications, authentication, adaptive access management, identity proofing, identity theft, and other areas of information security and risk. She also covers the PCI compliance program and the security aspects of payment systems.