by
mitch
26. May 2010 13:32
My former colleagues at InformationWeek present a guide to some new technology that will make compliance with Payment Card Industry (PCI) standards less of a hassle: "PCI Compliance Doesn't Have To Be Painful."
The problem with PCI is a catch in its safe-harbor provisions. On the one hand, card brands can't fine companies that experience a security breach if those companies are in full compliance with PCI standards at all times. Sounds great, right? Not so fast, says InformationWeek:
The key phrase is "full compliance at all times." On the surface, that's reasonable, until you understand that a company is technically compliant only at the time of the assessment. Once the QSA leaves, the company's status falls into a zone of uncertainty.
Two technologies, end-to-end encryption and tokenization, may go a long way toward protecting card data and ending this uncertainty.
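To make the tokenization idea concrete, here is an added example (not code from the InformationWeek article or from any vendor it evaluates). It assumes a hypothetical in-memory vault, `TokenVault`, that holds the only copy of the card number (PAN) and hands the merchant a random, non-reversible token plus the last four digits for display. It also includes a small scanner, `scan_records`, that checks merchant-side records for raw card numbers, the kind of continuous check that narrows the gap between one assessment and the next. The token format, the record layout and the card number (a standard test PAN) are all constructed for the example.

```python
import re
import secrets

# Matches 13-19 digits, optionally separated by spaces or dashes, that are not
# embedded in a longer word or digit run (so random tokens don't trip it).
PAN_RE = re.compile(r"(?<!\w)(?:\d[ -]?){12,18}\d(?!\w)")


def luhn_ok(digits: str) -> bool:
    """Luhn check digit test used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical tokenization vault (constructed for this example).

    In a real deployment this lives in a separate, hardened system; the
    merchant application only ever sees the token and the last four digits.
    """

    def __init__(self):
        self._by_token = {}
        self._by_pan = {}

    def tokenize(self, pan: str) -> dict:
        pan = re.sub(r"[ -]", "", pan)
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a plausible card number")
        token = self._by_pan.get(pan)
        if token is None:
            # Random token: no key, no reversible transform, nothing to crack.
            token = "tok_" + secrets.token_hex(16)
            self._by_pan[pan] = token
            self._by_token[token] = pan
        return {"token": token, "last4": pan[-4:]}

    def detokenize(self, token: str) -> str:
        """Only the vault (e.g. for a refund or charge) can map back to the PAN."""
        return self._by_token[token]


def find_pans(text: str) -> list:
    """Return Luhn-valid card numbers found in free text."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def scan_records(records) -> list:
    """Return (record index, PAN) pairs where raw card data was stored
    outside the vault, e.g. pasted into a free-text note field."""
    findings = []
    for i, rec in enumerate(records):
        for value in rec.values():
            if isinstance(value, str):
                for pan in find_pans(value):
                    findings.append((i, pan))
    return findings


if __name__ == "__main__":
    vault = TokenVault()
    ref = vault.tokenize("4111 1111 1111 1111")  # standard test PAN
    # Constructed merchant records: the first stores only the token, the second
    # leaks the PAN through a support note and is what the scanner should flag.
    orders = [
        {"order": "1001", "payment": ref["token"], "display": "**** " + ref["last4"]},
        {"order": "1002", "note": "customer called, card 4111 1111 1111 1111 declined"},
    ]
    print(scan_records(orders))
```

The scanner is deliberately conservative: a digit run has to be the right length and pass the Luhn check before it counts, which keeps order numbers and hex tokens out of the findings while still catching a card number pasted into a note field.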
InformationWeek goes on to discuss the technologies and how to evaluate vendors.