PCI compliance – There is one common theme connecting all the companies that have experienced cardholder data breaches over the past five years: not one was in full compliance with the Payment Card Industry Data Security Standard (PCI DSS) at the time of the breach.
The reality is that whilst a number of the affected companies had been compliant at some point, they were no longer compliant at the time of the breach. In fact, reports show that companies can lose their full compliance status as quickly as a few weeks after their assessment.
A recent report found that, despite an increase of 3.6% over the past year, only 11.1% of organisations that accept card payments complied with PCI DSS in 2013. The report is based on findings from hundreds of PCI DSS assessments conducted by PCI Qualified Security Assessors (QSAs) between 2011 and 2013. These figures suggest that businesses have begun to realise the benefits of complying with the security standard.
Many organisations remain at risk because they fail to maintain full compliance between assessments and then fail to attain it again the following year, which often leaves them exposed. There are various reasons for this:
Cost – Compliance can represent a large segment of a business’s annual operational budget.
Time – Attaining compliance is not a quick fix; it often takes months to ensure a company is ready for a visit from the QSA.
Resources – The task of becoming compliant or maintaining compliance is often left to a senior member of staff whose time is then solely focused on PCI DSS.
Europe is falling behind the rest of the world, with only 31% of businesses meeting 80% or more of the PCI DSS requirements, compared with 75% in Asia and 56% in the US.
Achieving PCI compliance and maintaining it is often seen as an arduous, expensive and time-consuming task. More and more companies are therefore looking at and implementing cost-effective solutions that help them achieve and maintain full compliance with PCI DSS.
For additional information, visit the PCI-PAL website.