With so many data breaches in the news these days, the findings of a new report may not be too surprising. Verizon’s Payment Card Industry (PCI) Compliance Report evaluates organizations’ compliance with the industry security standards set by the PCI Security Standards Council.
The Verizon study reported that many companies are failing to implement and comply with those standards, which include 12 requirements designed to ensure that customers’ payment information is safe.
Recent security incidents may stem not from technology failures but from merchants failing to follow the standard procedures meant to secure their customers’ information.
Worldwide, the Asia-Pacific region had the highest rate of compliance with 75% of companies there meeting 80% of the compliance standards. The United States took second place with 56% of companies in compliance at the 80% mark. Europe came in third with only 31% at that level.
Things are improving, though. Compliance was significantly higher in 2013 than in 2012, when only 32% of companies were meeting that 80% benchmark. In 2013, that number rose to 82% of companies at that level.
“Many organizations view PCI compliance as a single annual event, unaware that compliance needs to have a 365 day-a-year focus,” according to Rodolphe Simonetti, managing director of PCI practice for Verizon Enterprise Solutions.
Any level of noncompliance “leaves an organization open to credit card theft, which can potentially cost hundreds of millions of dollars,” he added. It also affects companies’ reputations and can result in a loss of consumer trust. Global credit card fraud resulted in more than $11 billion in losses during 2012, according to the Nilson Report.
Specific areas where noncompliance was common included security testing, security monitoring, effective detection and response to compromised data, and protecting stored sensitive data. Consumers who believe their personal information or payment data may have been compromised by a security breach should monitor their accounts closely for unrecognized charges or unusual activity.