Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    PCI DSS Compliance Is Low but Shows Improvement: Verizon

    By
    Sean Michael Kerner
    -
    February 11, 2014
    Share
    Facebook
    Twitter
    Linkedin
      electronic payments

      Compliance with the Payment Card Industry Data Security Standard (PCI DSS)—a key requirement for organizations that process and handle electronic payments—is low but improving, according to the findings of a new study from Verizon.

      Although just 11.1 percent of the companies surveyed were fully compliant with all the requirements of the PCI DSS 2.0 standard in 2013, that figure is actually an increase of 3.6 percentage points from 2012.

      “Only 11 percent of the companies we met were compliant during the first assessment, meaning that 89 percent of organizations were not initially compliant,” Rodolphe Simonetti, managing director, PCI practice, Verizon Enterprise Solutions told eWEEK.

      Although a small percentage of companies are fully compliant with PCI DSS, many are what Simonetti referred to as “mostly compliant,” or 80 percent or more compliant with the PCI DSS specifications. According the Verizon study, only 32 percent of companies were mostly compliant in 2012, a figure that grew to 82 percent in 2013.

      The main challenge with PCI compliance is that most organizations have been viewing it as a project to be completed and not as an everyday process, Simonetti said. “What is critical is to maintain compliance day after day, because once the assessment is done, the risk is not going away,” he said. “What we have seen from the last five years of security breaches is that most companies, even if they were at one point PCI-compliant, were not compliant at the time of the breach.”

      Organizations may have a hard time meeting Requirement 7 of the specification, which mandates that they perform security testing; Requirement 11, which stipulates the need for security monitoring; and requirement 3, which concerns protecting stored data, Simonetti explained.

      Requirement 11 can be challenging because it requires the use of log management or Security Incident and Event Management (SIEM) technologies, Simonetti said. The testing requirement asks organizations to do yearly penetration testing and quarterly vulnerability scans.

      “It’s common sense, and still a lot of companies are failing,” Simonetti said.

      To improve security compliance, companies need to properly allocate resources such as people, money and time, Simonetti said, adding that compliance should remain a year-round, continuous effort and not a point-in-time initiative.

      PCI DSS compliance should also be viewed in the wider context of an overall security program and not a stand-alone effort, and organizations should leverage compliance as an opportunity, Simonetti said. “Compliance is not just about mitigating risk; it can also be about providing a return on investment,” he said.

      Stay focused, Simonetti advised. “PCI compliance contains about 300 controls, and it doesn’t make sense to apply those controls to an entire IT environment. To make compliance easier, reduce the size of the task and focus on the part of the environment that needs to be segregated and then secured.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Avatar
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×