Recently, Verizon issued a report on Payment Card Industry Data Security Standards — PCI DSS for short. The results were pretty bracing. As Computer Weekly summarizes “nearly 80% of businesses fail their interim PCI compliance assessment, leaving them vulnerable to cyber attacks, according to Verizon’s 2015 PCI Compliance Report “
Perhaps equally troubling “the report also showed only 29% of companies remain fully compliant with the PCI DSS standard less than a year after being awarded their compliance certificate.”
Meaning there are still a lot of unkept promises to customers in cyber-land, about how safe their data is.
And yet, as startling as this may be, ZDNet reports that the trendline is actually positive, since the 20% number of companies in compliance was a higher figure than the year before.
“Previous reports showed that in 2013, only 11.1 percent of organisations globally were fully PCI compliant, with average global compliance rising to 93.7 percent in 2014, up from 85.2 percent.
“The report indicated that the level of full compliance was due to an improvement of compliance across the board, with over 60 percent of companies assessed during 2014 compliant with any of the 12 PCI DSS requirements. As a result, PCI DSS compliance went up by an average of 18 percent for 11 out of 12 requirements.”
What are those 12 requirements? The include all the things you’ve been reading about over the weeks and months here on the AVPS Blog: Protecting data while its in transit, and when it’s stored, making sure antivirus software is up to do date, controlling access to data and machines, keeping security policies updated, and more.
The Computer Weekly article acknowledges that “though there is progress in many key areas in protecting payment card data, the report shows there remains a long way to go.” Significantly, it also notes that “Verizon’s cyber security research has consistently found that, since 2009, organisations suffering a data breach showed lower-than-normal compliance with a number of PCI DSS controls.”
And unfortunately, “one of the biggest negative effects of data breaches is the loss of customer trust; studies show 69% of consumers are less inclined to do business with an organisation that has been breached.”
Don’t let that be your company! Contact your AVPS Rep today with any question’s about your businesses’ own PCI Compliance, in addition to any other questions (or equipment upgrades!) you might need to get ready for EMV cards, or to offer a broader range of payment options to your customers, or more. We want to help you keep those customers fully “inclined” to do business with you!