With more than two-thirds of all purchases made with payment cards and $20 trillion in credit card transactions expected for 2015, security has become a top priority for organizations that accept credit cards. However, nearly 80% of all businesses fail their interim PCI compliance assessment.
According to Verizon’s 2015 PCI Compliance Report by reducing the likelihood of being breached, companies can better manage their brand, ensure consumer trust and potentially avoid hefty fees. In fact, 69% of all consumers are less inclined to do business with a breached organization.
This year’s findings indicate that only 29% of companies are still fully PCI DSS-compliant less than a year after being validated. While annual compliance and ongoing control standard maintenance remains low, there is a bright spot in the 2015 report. Almost twice as many companies were validated as compliant during their interim compliance review in 2014 as compared with 2013.
Additional key findings from the report include:
• Between 2013 and 2014, compliance increased for 11 of the 12 PCI DSS controls or, in other words, 60% of companies assessed in 2014 were compliant with any given Requirement.
• The average increase in compliance was 18 percentage points.
• The biggest jump in compliance was in authenticating access (Requirement 8).
• The only area where compliance fell was testing security systems (Requirement 11), from 40% to 33%.
The volume and scale of data breaches in the past 12 months is proof that current security techniques are not stopping attackers ” in many cases they aren’t even slowing them down. PCI DSS compliance must be viewed as part of a comprehensive information security and risk-management strategy. A PCI DSS assessment can uncover important security gaps that should be fixed, but it is not a guarantee that the data is safe from a cyberattack.
For more data on PCI DSS access CardData®. For information and commentary on PCI DSS visit the searchable CardFlash® Library of more than 58,000 articles published since 1995. RAM Research® forecasts on PCI DSS are available exclusively through CardWeb.com.®