Shocker: Nearly 80% of Businesses Fail Interim PCI Compliance

Recently, Verizon issued a report on Payment Card Industry Data Security Standards — PCI DSS for short. The results were pretty bracing. As Computer Weekly summarizes “nearly 80% of businesses fail their interim PCI compliance assessment, leaving them vulnerable to cyber attacks, according to Verizon’s 2015 PCI Compliance Report “

Perhaps equally troubling “the report also showed only 29% of companies remain fully compliant with the PCI DSS standard less than a year after being awarded their compliance certificate.”

Meaning there are still a lot of unkept promises to customers in cyber-land, about how safe their data is.

Positive Trend in Compliance

And yet, as startling as this may be, ZDNet reports that the trendline is actually positive, since the 20% number of companies in compliance was a higher figure than the year before.

“Previous reports showed that in 2013, only 11.1 percent of organisations globally were fully PCI compliant, with average global compliance rising to 93.7 percent in 2014, up from 85.2 percent.

“The report indicated that the level of full compliance was due to an improvement of compliance across the board, with over 60 percent of companies assessed during 2014 compliant with any of the 12 PCI DSS requirements. As a result, PCI DSS compliance went up by an average of 18 percent for 11 out of 12 requirements.”

The 12 PCI DSS Requirements

What are those 12 requirements? These are all the aspects you’ve been learning about throughout the weeks and months on the AVPS Blog. They encompass protecting data during transit and storage, ensuring antivirus software is regularly updated, controlling access to data and machines, keeping security policies current, and more.

Remaining Challenges

The Computer Weekly article acknowledges that “though there is progress in many key areas in protecting payment card data, the report shows there remains a long way to go.” Significantly, it also notes that “Verizon’s cyber security research has consistently found that, since 2009, organisations suffering a data breach showed lower-than-normal compliance with a number of PCI DSS controls.”

Regrettably, one of the major adverse consequences of data breaches is the erosion of customer trust. Research indicates that 69% of consumers are less likely to engage with an organization that has experienced a breach.

Contact AVPS for Assistance

Don’t let that  be your company! Contact your AVPS Rep today with any question’s about your businesses’ own PCI Compliance, in addition to any other questions (or equipment upgrades!) you might need to get ready for EMV cards, or to offer a broader range of payment options to your customers, or more. We want to help you keep those customers fully “inclined” to do business with you!