As a cyber security consultant, I can confirm. Not a single company out of hundreds I've performed PCI remediation for managed to completely comply with requirements, with some leaving major issues like storing cc info in a searchable plain text db for better "customer service". There's barely any enforcement for this.
As a cyber security consultant, I can confirm. Not a single company out of hundreds I've performed PCI remediation for managed to completely comply with requirements, with some leaving major issues like storing cc info in a searchable plain text db for better "customer service". There's barely any enforcement for this.