Internet security is always a hot topic, and for good reason: developments in both the theft and protection of information online are happening faster and more often than in any other area of security. PCI compliance is one of the standards used to determine a website’s security level. A website advertising that it is PCI compliant intends to show that it is trustworthy and that you can shop there with an expectation that your details will not be stolen. But is this really true?
PCI compliance is effectively a license to collect and store payment details, but it has proven to be a rather weak validator, in that companies that have gained the certification are regularly hacked. The truth, however, is not that PCI compliance is a weak system, but rather that every system online, and offline for that matter, can potentially be subverted.
While this is the case, it is also true that more can be done beyond what PCI certification demands. Many of the most secure online services, such as PayPal, banking, Amazon, and other big multinational companies, have gone above and beyond the minimal standard set by PCI. Unfortunately, the standard they set is unachievable for many businesses due to the massive investment it demands.