Oder said most payment data security problems start with an employee error. These are typically employees who truly thought they were doing everything right, but they were undercut by a failed corporate infrastructure. Taylor's approach was more basic: Retailers must put much less payment data into the hands of employees and return to a centralized approach, as painful as it will be and as backward as it will feel. To listen to these folks argue it out, please click here.
The IT struggle with knowing where all payment data is—let alone trying to enforce rules that pretty much try and keep it there—was the topic of a StorefrontBacktalk podcast this week with our own PCI columnist, David Taylor, and security specialist J.D. Oder, the chief technology officer at Shift4.