Verizon Says Most Companies Not Fully Protecting Card Data

Nearly 90 percent of organizations are not fully protecting the payment card data they manage, according to a new Verizon Enterprise Solutions report. Just 11.1 percent of organizations fully comply with all 12 requirements of the PCI Data Security Standards, Verizon says. Still, the number of firms whose PCI compliance efforts are improving year to year is growing, with Verizon categorizing slightly more than 70 percent of organizations in the report as between 81 and 99 percent compliant in 2013. Only a quarter of organizations had attained that level in 2012. Verizon attributes the increase to growing awareness of data security standards from security vendors, card brands, and the PCI governing body, and to elevated concern for card data spurred by high-profile data breaches. Clearer interpretations of the PCI standards have also aided growth, Verizon notes. A comparison with the Verizon 2013 Data Breach Investigations Report revealed that companies suffering a data breach tend to be less effective at restricting access to cardholder data on a need-to-know basis and at generating and maintaining precise logs of consumer activity on all devices. The report says these two factors played major roles in breaches and losses of cardholder data last year.

From “Nearly 90% of Companies Fall Short of Protecting Payment Card Data, Verizon Says”
Internet Retailer (02/27/14) Andre, Madeline