People, not PCI standards, cause data breaches
Cisco Systems security solution architect Christian Janoff wrote in his VentureBeat column that payment card data breaches are happening not because PCI standards have failed but because of people, who are not ready to deal with today's threats.
People's attitude towards security was different ten years ago, because back then there were no headlines about 100 million credit cards being breached. Times are different now, however. Janoff writes, "Clearly things have changed. Anyone following security trends over the last few years realizes that there is a new mentality. It is no longer a matter of if you will be breached and how to prevent it. If you are a lucrative target, you are likely breached already. The new truth is not to avoid being breached but to minimize the amount of successful attacks once they get in and to be capable enough to stop the damage as soon as possible, or before the actors can steal the data they are after."
PCI failures don't have anything to do with the new attacks. Rather, these attacks reflect today's reality and the fact that online criminals potentially make billions of dollars with their schemes. Verizon data showed that in the year 2000, fraud returned $2 billion for criminals. This number, however, rose to $12 billion in 2012, Janoff wrote.
To meet these new challenges, Janoff said, a new attitude towards security is necessary. He wrote, "This attitude needs to take security seriously. It means hiring well-trained staff and paying them well. It means purchasing quality security systems. It means developing a security strategy and policy that is proactive and not reactive."