Report: 80% of Companies Fail to Keep up with PCI Compliance During Year
March 12, 2015
Even after more than a year of high-profile data security breaches of retailers, financial institutions, insurance companies, technology providers, universities and municipalities, 80 percent of global organizations still fail to protect payment-card data at all times, according to a new report from Verizon Communications. Overall, the report found compliance with most PCI DSS requirements was up, but merchants do not maintain compliance effectively after their annual assessments.
“First, it’s very easy to fall out of compliance if you don’t have robust procedures in place for managing and maintaining it,” the report said. “And second, a compliance assessment can only ever be a snapshot. All it in fact proves is that the company was able to demonstrate compliance at that moment, for the selected sample of sites, devices and systems checked.”
While interim assessments of more than 5,000 merchants in 30 countries showed four out of five were not compliant, that number has improved from 2013, when nearly 90 percent failed an interim assessment. Clearly, the report says, there is more work to be done despite the improvement. And, like most industry experts on the matter of data security, Verizon stresses that “PCI DSS is a baseline, an industry-wide minimum acceptable standard, not the pinnacle of payment card security.”