Avoiding PCI Non Compliance
For many organisations’ Chief Information Officers and Chief Security Officers, the Payment Card Industry Data Security Standard (PCI DSS) was going to spell the end of the road for criminals who were ‘cashing in’ on the supposedly easy target of credit card theft and the subsequent fraudulent use of their customers’ data. The theory was that the more robust and standardised approach to data security under the new PCI DSS regime would make cardholder data harder to obtain in the first place. Unfortunately, as we have seen, many companies are still struggling to demonstrate compliance, and the costs associated with meeting PCI requirements are spiralling out of control. Despite the pressure of fines, organisations continue to struggle with PCI DSS compliance, and, worse still, some organisations that have achieved PCI DSS compliance are still suffering costly and embarrassing data losses and breaches, e.g. TJ MAXX and Hannaford Brothers.