The Verizon 2014 PCI Compliance Report revealed that 88.9% of businesses fail to maintain ongoing compliance following their annual assessment against the Payment Card Industry (PCI) Data Security Standard (DSS), resulting in increased risk of data breaches and of financial and reputational damage.
As the industry turns more toward self-service and mobile transactions, it is no surprise that this shift comes with some risk. Payment card transactions remain a target for attackers, and data breaches continue to increase. Verizon's report suggests that in most cases, payment card data breaches are not a failure of security technology or of compliance with the Payment Card Industry Data Security Standard. Rather, a failure to implement appropriate compliance and security measures is one of the major causes. PCI compliance warrants an ongoing focus.
"We have seen time and time again that noncompliance leaves an organization open to credit card theft, which can potentially cost hundreds of millions of dollars when you factor in all the damages, not to mention lost consumer trust and the impact on brand reputation. Organizations need to rethink how they factor in maintaining a PCI-compliant environment, whether it's devoting more resources or working with a managed security services provider," said Rodolphe Simonetti, managing director, PCI practice, Verizon Enterprise Solutions.
Despite data breaches being on the rise, organizations' initial compliance with the PCI standard has shown improvement. The study shows that more than 82% of organizations were compliant with at least 80% of the PCI standard at the time of their annual baseline assessment in 2013, compared to just 32% in 2012.
Additionally, varying legal requirements and levels of adoption could be seen in different regions, owing in part to breach notification laws. The Asia-Pacific region took the top spot, with 75% meeting at least 80% of PCI requirements, followed by the United States and Europe with 56% and 31% respectively.
The biggest areas for improvement among all businesses include security testing, security monitoring, detection of and response to compromised data, and protecting stored sensitive data. The report also examines, in detail, compliance with each of the 12 specific PCI requirements, providing recommendations for organizations on implementing strategies to maintain compliance.
"Compliance activities should be planned, integrated with larger organization-wide governance, security and compliance initiatives, and automated as much as possible to help ensure it is sustainable and cost effective," Simonetti said.
The 2014 Verizon PCI Compliance Report is based on findings from hundreds of PCI DSS assessments conducted by Verizon's PCI Qualified Security Assessors from 2011 to 2013.
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.