For the second year in a row, a Verizon report has found that too many businesses are struggling to comply with payment
card security standards, putting consumers’ confidential information at risk.
According to the company’s Payment Card Industry Compliance Report, most
businesses that accept credit or debit cards, or both, continue to struggle to
achieve and maintain compliance with the Payment Card Industry Data Security
Standard (PCI DSS). The report concluded that, as a result, they are at greater risk
of losing confidential customer information and falling victim to credit card
While the compliance situation has neither worsened nor improved, it is still “disappointing.” Only 21 percent of
organizations were fully compliant during the initial audit, and the report
noted that the difficulty in achieving compliance, along with overconfidence,
complacency and the need to focus on other compliance and security issues are
among the possible reasons for the widespread PCI noncompliance. The report
suggested again this year that breached organizations are more likely not to be
PCI compliant and are more likely to suffer from identity theft and fraud
Organizations struggled the most to comply
with requirements 3 (protect stored cardholder data), 10 (track and monitor
access), 11 (regularly test systems and processes), and 12 (maintain security
policies), all of which are directly linked to protecting cardholder data.
Launched in 2009, the Prioritized Approach was created to help businesses
identify and reduce risk to cardholder data and to ease the annual PCI process.
The report found that rather than using a risk-based approach to PCI compliance,
organizations instead rely on the PCI DSS for guidance.
“We had hoped to see more organizations
complying with the PCI standard, since we believe that compliance will
ultimately improve the security posture of organizations and in all likelihood
lead to fewer breaches,” said Wade Baker, director of risk intelligence for
Verizon. “By reviewing this report, organizations can see where to focus their
efforts and implement our recommendations for helping to accelerate PCI
compliance. Our end goal is a safer credit-card environment for consumers and