There's no doubt protecting payment information during transmission, processing and storage is a business imperative. But, the current "lock-down" approach, which focuses on encrypting payment data within your environment, has proven inadequate, unmanageable, or both. Think about it. If "lock-down" worked, breaches wouldn't be up 47%.1 Analysts wouldn't be writing papers suggesting measures to complement PCI. The U.S. House of Representatives wouldn't be holding hearings on payment security.2 And, managers responsible for payment security wouldn't be lying awake at night.
