BASKING RIDGE, N.J. — Organizations that have suffered a credit card data breach are 50% less likely to be PCI compliant, according to a new report from Verizon Business here.
The “Verizon Payment Card Industry Compliance Report” examines the state of compliance with the Payment Card Industry Data Security Standard (PCI DSS), which was created in 2006 to protect cardholder data and reduce credit card fraud. The study found that only 22% of organizations were PCI compliant at the time of their initial examination. In addition, the report identifies which attack methods are most common and provides recommendations for businesses on earning and maintaining PCI compliance.
According to the report, there is a correlation between data breaches and the difficulties companies face in complying with certain PCI requirements Of the 12 requirements that comprise the PCI DSS, three of them — protect stored data, track and monitor access to network resources and cardholder data, and regularly test security systems and processes — cover areas that are most vulnerable to security breaches, according to the DBIR. However, those three requirements are also the same ones that companies struggle the most to meet for PCI compliance.
The compliance report is based on findings from PCI DSS assessments conducted by Verizon’s team of PCI Qualified Security Assessors (QSAs) in 2008 and 2009, and a review of a sample of approximately 200 assessments. As a QSA, Verizon audits and evaluates a company’s compliance with the established PCI DSS.
The report can be accessed at no charge at www.verizonbusiness.com/go/pcireport.