"The main reason PCI exists is that there are tens of thousands of merchants who don't understand the basics of information security and weren't even taking the very minimum steps to secure their networks and the credit card information they stored.
... PCI pushes that burden downstream and forces merchants to take on a preventative role rather than a reactive role. They have to put in a properly configured firewall, encrypt sensitive information and maintain a minimum security stance or be fined by their merchant banks. By forcing this to be an issue about prevention rather than reaction, the credit card companies have taken the bulk of the financial burden off of themselves and placed it on the merchants, which is where much of it belongs anyways.
Slashdot videos: Now with more Slashdot!
We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).