Why should it just be the IT Manager's responsibility?
This is the main problem; these PCI standards need to be directed to everybody in the company, not just the IT Manager. In my rather small business, I can tell the sales staff not to write a customer's credit card number down in a book, but they will still do it. I'm in no position to discipline them, or to keep tabs on them all day to ensure they comply.
PCI standards, when they arrived, were treated like a joke by the company owner and manager. Clearly IT stuff, nothing to do with them or the rest of the staff. I've still managed to push through PCI compliance, but it's an uphill struggle. Maybe PCI standards should target their education towards business owners and managers rather than just the technical side?