PCI Compliance is Not Enough. Each week, thousands upon thousands of payment card and related sensitive records are lost and stolen. While engaging efforts to be PCI compliant is appropriate and mandatory for merchants, it is not enough to safeguard operations, financials or customers. There is more that can be done. There is a better way to increase value and revenue while better protecting merchants AND the ISO/MSP.