Welcome!

News Feed Item

Majority of Organizations That Accept Payment Cards Fail to Maintain PCI Security Standards, New Verizon Report Finds

Noncompliance Linked to Increased Breach Risk, Financial and Reputational Damages

NEW YORK, Feb. 11, 2014 /PRNewswire/ -- A new Verizon report has found that too many businesses, following their annual assessment for meeting the Payment Card Industry Data Security Standard, fail to maintain ongoing compliance -- putting the businesses at an increased risk for data breaches, and financial and reputational damages.  

The "Verizon 2014 PCI Compliance Report" affirms that payment card transactions remain a prime target for attackers, and the rate at which data breaches are occurring appears to be increasing. It is estimated by The Nilson Report that global credit cards fraud exceeded $11 billion in 2012 alone. 

According to the report, in most cases, payment card data breaches are not a failure of security technology or of compliance with the Payment Card Industry Data Security Standard, but rather a failure to implement appropriate compliance and security measures as intended.

"We continue to see many organizations viewing PCI compliance as a single annual event, unaware that compliance needs to have a 365 day-a-year focus," stated Rodolphe Simonetti, managing director, PCI practice, Verizon Enterprise Solutions.

(NOTE:  Video, charts, infographics, full report and cover art are available for download at http://www.verizonenterprise.com/news/2014/02/PCI-Report-2014-Media-Resources.)

However, there is a bright spot in the report: Organizations' initial compliance with the PCI standard has shown some improvement. In 2013, more than 82 percent of organizations were compliant with at least 80 percent of the PCI standard at the time of their annual baseline assessment, compared with just 32 percent in 2012. 

There were also regional differences due to breach notification laws, varying legal requirements and levels of adoption. The Asia-Pacific region took the top spot (75 percent), followed by the U.S. with 56 percent and Europe with 31 percent in meeting at least 80 percent of the PCI requirements.

Areas where businesses struggle the most in achieving initial compliance include: security testing (23.8 percent); security monitoring and the ability to effectively detect and respond to data compromised (17 percent); and protecting stored sensitive data (55.6 percent).

"Anything less than 100 percent compliance is an issue for businesses today," said Simonetti. "We have seen time and time again that noncompliance leaves an organization open to credit card theft, which can potentially cost hundreds of millions of dollars when you factor in all the damages, not to mention lost consumer trust and the impact on brand reputation. Organizations need to rethink how they factor in maintaining a PCI-compliant environment, whether it's devoting more resources or working with a managed security services provider."

Report Takes In-Depth Look at Each of 12 PCI Requirements

In addition the report examines in detail how well organizations comply with each of the 12 specific PCI requirements; provides recommendations that organizations can implement to help them earn and maintain compliance; and explains how noncompliance with each requirement can lead  to a data breach.

Simonetti points out that "compliance activities should be planned; integrated with largest organizational wide governance, security and compliance initiatives; and automated as much as possible to help ensure compliance is sustainable and cost effective."

PCI Report Findings Based on Actual PCI Assessments

The report is based on findings from hundreds of PCI DSS assessments conducted by Verizon's team of PCI Qualified Security Assessors, from 2011 through 2013. Like Verizon's Data Breach Investigations Report (DBIR) series, the PCI Compliance Report is based on actual casework and is believed to be the only report of its kind in the industry. This report analyzes PCI Data Security assessment data, with a specific focus on the retail, financial services and hospitality industries across North America, Europe and the Asia-Pacific region.

Verizon Communications Inc. (NYSE, Nasdaq: VZ), headquartered in New York, is a global leader in delivering broadband and other wireless and wireline communications services to consumer, business, government and wholesale customers. Verizon Wireless operates America's most reliable wireless network, with nearly 103 million retail connections nationwide. Verizon also provides converged communications, information and entertainment services over America's most advanced fiber-optic network, and delivers integrated business solutions to customers in more than 150 countries. A Dow 30 company with more than $120 billion in 2013 revenues, Verizon employs a diverse workforce of 176,800. For more information, visit www.verizon.com.

VERIZON'S ONLINE NEWS CENTER: Verizon news releases, executive speeches and biographies, media contacts and other information are available at Verizon's online News Center at newscenter.verizon.com. The news releases are available through an RSS feed. To subscribe, visit newscenter.verizon.com/corporate/feeds.

SOURCE Verizon

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Organizations planning enterprise data center consolidation and modernization projects are faced with a challenging, costly reality. Requirements to deploy modern, cloud-native applications simultaneously with traditional client/server applications are almost impossible to achieve with hardware-centric enterprise infrastructure. Compute and network infrastructure are fast moving down a software-defined path, but storage has been a laggard. Until now.
We're entering the post-smartphone era, where wearable gadgets from watches and fitness bands to glasses and health aids will power the next technological revolution. With mass adoption of wearable devices comes a new data ecosystem that must be protected. Wearables open new pathways that facilitate the tracking, sharing and storing of consumers’ personal health, location and daily activity data. Consumers have some idea of the data these devices capture, but most don’t realize how revealing and...
Kubernetes is a new and revolutionary open-sourced system for managing containers across multiple hosts in a cluster. Ansible is a simple IT automation tool for just about any requirement for reproducible environments. In his session at @DevOpsSummit at 18th Cloud Expo, Patrick Galbraith, a principal engineer at HPE, discussed how to build a fully functional Kubernetes cluster on a number of virtual machines or bare-metal hosts. Also included will be a brief demonstration of running a Galera M...
Unless your company can spend a lot of money on new technology, re-engineering your environment and hiring a comprehensive cybersecurity team, you will most likely move to the cloud or seek external service partnerships. In his session at 18th Cloud Expo, Darren Guccione, CEO of Keeper Security, revealed what you need to know when it comes to encryption in the cloud.
"We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"We are an all-flash array storage provider but our focus has been on VM-aware storage specifically for virtualized applications," stated Dhiraj Sehgal of Tintri in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
It's easy to assume that your app will run on a fast and reliable network. The reality for your app's users, though, is often a slow, unreliable network with spotty coverage. What happens when the network doesn't work, or when the device is in airplane mode? You get unhappy, frustrated users. An offline-first app is an app that works, without error, when there is no network connection. In his session at 18th Cloud Expo, Bradley Holt, a Developer Advocate with IBM Cloud Data Services, discussed...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at 20th Cloud Expo, Ed Featherston, director/senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
Between 2005 and 2020, data volumes will grow by a factor of 300 – enough data to stack CDs from the earth to the moon 162 times. This has come to be known as the ‘big data’ phenomenon. Unfortunately, traditional approaches to handling, storing and analyzing data aren’t adequate at this scale: they’re too costly, slow and physically cumbersome to keep up. Fortunately, in response a new breed of technology has emerged that is cheaper, faster and more scalable. Yet, in meeting these new needs they...
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
When it comes to cloud computing, the ability to turn massive amounts of compute cores on and off on demand sounds attractive to IT staff, who need to manage peaks and valleys in user activity. With cloud bursting, the majority of the data can stay on premises while tapping into compute from public cloud providers, reducing risk and minimizing need to move large files. In his session at 18th Cloud Expo, Scott Jeschonek, Director of Product Management at Avere Systems, discussed the IT and busin...
According to Forrester Research, every business will become either a digital predator or digital prey by 2020. To avoid demise, organizations must rapidly create new sources of value in their end-to-end customer experiences. True digital predators also must break down information and process silos and extend digital transformation initiatives to empower employees with the digital resources needed to win, serve, and retain customers.
"We are the public cloud providers. We are currently providing 50% of the resources they need for doing e-commerce business in China and we are hosting about 60% of mobile gaming in China," explained Yi Zheng, CPO and VP of Engineering at CDS Global Cloud, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...