PCI DSS compliance is the hottest topic for many organisations in today's business world. Conformance to PCI DSS is required by most of the major credit card companies, such as Visa, Mastercard and American Express, to ensure that the card data a company takes from its clients is maintained to a universally accepted level of security. Companies all over the world are required to adhere to this mandatory compliance model. However, many companies and organisations are having difficulty becoming compliant with PCI DSS. Some do not understand its requirements or, through no fault of their own, misinterpret them entirely. James Rees of Razor Thorn Security looks at where organisations go wrong and why companies find it difficult to understand what is required of them.