Merchants Struggle with PCI DSS compliance as Deadline Passes

by Calyptix, January 27, 2015

It’s official: PCI DSS 3.0 is mandatory. The Jan. 1 deadline to adopt the new standards has passed.

Even though merchants were allowed to follow the older 2.0 rules throughout 2014, many still had trouble with compliance, according to a sneak preview of Verizon’s 2015 PCI Compliance Report.

Verizon previewed its annual report at the National Retail Federation Conference this month in New York.

A few highlights:

  • Many companies achieve compliance only for a short period. Fewer than 33% were still compliant less than 12 months later.
  • Of the data breaches Verizon looked at, not a single company was fully compliant at the time of the breach.

Top areas where organizations fail to meet PCI compliance:

  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  • Requirement 11: Regularly test security systems and processes

Verizon’s report, due out in February, will examine compliance with the Payment Card Industry Data Security Standard and its correlation to data breaches. It’s expected to cover three years of data and have results from thousands of PCI assessments by Verizon’s team.

We’re looking forward to the report and will be sure to mine it for insights and show you the highlights once it’s published.

 
