Good post. I had to help a restaurant chain with PCI compliance years ago when I was working in managed service. It feels crazy that PCI-DSS is this far behind on this area. Reminds me of how years ago cyber defenses were all about defending the perimeter. Now it's far easier, and much better ROI, for attackers to compromise a user through social engineering and perimeter defenses are not even on the playing field.


Well put! I worked with many restaurant chains back when I was a QSA.
