Merchants Struggle with PCI DSS Compliance as Deadline Passes

It’s official: PCI DSS 3.0 is mandatory. The Jan. 1 deadline to adopt the new standards has passed.

Even though merchants were allowed to follow the older 2.0 rules throughout 2014, many still had trouble with compliance, according to a sneak preview of Verizon’s 2015 PCI Compliance Report.

Verizon previewed its annual report at the National Retail Federation Conference this month in New York.

A few highlights:

  • Many companies achieve compliance only for a short period. Fewer than 33% were still compliant less than 12 months later.
  • Of the data breaches Verizon looked at, not a single company was fully compliant at the time of the breach.

The top areas where organizations fail to meet PCI compliance:

  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  • Requirement 11: Regularly test security systems and processes

Verizon’s report, due out in February, will examine compliance with the Payment Card Industry Data Security Standard and its correlation to data breaches. It’s expected to cover three years of data and have results from thousands of PCI assessments by Verizon’s team.

We’re looking forward to the report and will be sure to mine it for insights and show you the highlights once it’s published.




Written by Calyptix

 - January 27, 2015
