Wednesday, 5 October 2011

ND0929111

Title: Verizon Warns That PCI Compliance Remains Problematic
Description: A new Verizon report reveals many businesses are still struggling with security standards compliance, putting consumer data at risk.
Page Content: NEW YORK - A new Verizon PCI compliance report reveals "too many businesses" are still not complying with payment card security standards, with consumers' confidential information at risk.
According to the report, "most businesses" that accept card payments "continue to struggle to achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS), putting their customers at risk for becoming victims of credit card fraud."
"We had hoped to see more organizations complying with the PCI standard, since we believe that compliance will ultimately improve the security posture of organizations and in all likelihood lead to fewer breaches," said Wade Baker, director of risk intelligence at Verizon. "By reviewing this report, organizations can see where to focus their efforts and implement our recommendations for helping to accelerate PCI compliance. Our end goal is a safer credit-card environment for consumers and businesses."
The Verizon report is based on findings from more than 100 PCI DSS assessments conducted from organizations in the U.S., Europe and Asia. Key findings include:
  • Compliance has remained stagnant, neither improving nor worsening, with 21 percent of organizations fully compliant during an initial audit.
  • Lack of compliance is linked to data breaches, with organizations in non-compliance far more likely to suffer data theft.
  • Organizations continue to struggle with PCI requirements.
The report offered recommendations for meeting compliance, including:
  • Treat compliance as an ongoing process.
  • Self-validate carefully (or not at all). Due to conflicts of interest inherent in self-assessment, Verizon recommends that an objective third party validate the assessment or perform the testing.
"NACS is not surprised at the lack of progress in PCI compliance, as it remains highly confusing and expensive to small operators - the sector that is least compliant," said PCATS Executive Director Gray Taylor. "This is why PCATS has focused on reducing the risk of data breaches instead of compliance with a series of guides that address key risk points in plain language."
The full Verizon report can be downloaded here.
Content Subject: Risk Management & Security
Formatted Article Date: September 29, 2011
