When I read items like this:
Agarwal said NoMoreRack is now in the process of certifying itself this time as a Tier-1 merchant, even though the number of credit and debit cards it processed in 2013 placed it squarely in the Tier-2 range.
I get frustrated. While I understand that Compliance is necessary and is important companies still need to understand that being compliant does not mean you are secure! There is more to it than that. In too many cases Compliance is just a check box that makes senior management feel better about the overall state of organizational security.