An article relating to this blog post on Finextra:
PCI security standards in the dock
A legal challenge to the payment card industry's PCI security standards is brewing in the US, as a Utah-based restaurant chain cries foul over the apparently "arbitrary" nature of the system and the l...
Despite all the bleating about PCI over the years, I found it to be too weak.
With all the focus on Cardholder Data - as being that on the Mag Stripe - namely Card Number, Cardholder Name, Expiry Date and Security Code - I found many Merchants & Service Providers treated it as a 'max' rather than 'min' level of security.
I performed due diligences on places where lots of other personal data such as Mother's Maiden Name, Cardholder Address, Phone Number, e-mail address, Date of Birth, Passport Number, Gender, Religion, etc. was never encrypted, simply because PCI itself didn't tell them to do so.