CardSystems Breach Follow-up

Anyone looking for additional details on the CardSystems Solutions intrusion may find Bruce Schneier's blog good reading. He notes that CardSystems was apparently not in compliance with Payment Card Industry (PCI) security guidelines, although on National Public Radio CardSystems' CEO said his company was in compliance. Phil Hollows has written multiple blog entries on the breach, one which correctly points out that compliance with an audit does not equal security.