Stephen Orfei, general manager of the PCI SSC, didn't offer any views of technology solutions for compliance, but said, "the bottom line is no technology or tool can replace the need for vigilance in security activities."
Pascual agrees with that mandate. "It (compliance) is not a once a year affair," he said. "It needs to be baked in throughout the business. If you're not doing that, you won't be compliant and eventually you'll pay the price."
Sign up for CIO Asia eNewsletters.