As recently discussed in a post by Mike Rothman, a Visa executive this week sought to clarify a company claim that no PCI-compliant company has suffered a data breach. Given that PCI compliance is determined at a fixed moment in time, the unattainable ideal is "continuous" compliance.
In the latest episode of eIQcast, Ross Levanto asks eIQnetworks Product Evangelist John Linkous about Visa's claims. They review how companies can move toward the unattainable goal of continuous compliance, and they provide tips on effective data security strategies that the PCI rules do not specifically mandate.