SYS-CON MEDIA Authors: Trevor Parsons, Sean Houghton, Glenn Rossman, Ignacio M. Llorente, Xenia von Wedel

News Feed Item

Majority of Organizations That Accept Payment Cards Fail to Maintain PCI Security Standards, New Verizon Report Finds

Noncompliance Linked to Increased Breach Risk, Financial and Reputational Damages

NEW YORK, Feb. 11, 2014 /PRNewswire/ -- A new Verizon report has found that too many businesses, following their annual assessment for meeting the Payment Card Industry Data Security Standard, fail to maintain ongoing compliance -- putting the businesses at an increased risk for data breaches, and financial and reputational damages.  

The "Verizon 2014 PCI Compliance Report" affirms that payment card transactions remain a prime target for attackers, and the rate at which data breaches are occurring appears to be increasing. It is estimated by The Nilson Report that global credit cards fraud exceeded $11 billion in 2012 alone. 

According to the report, in most cases, payment card data breaches are not a failure of security technology or of compliance with the Payment Card Industry Data Security Standard, but rather a failure to implement appropriate compliance and security measures as intended.

"We continue to see many organizations viewing PCI compliance as a single annual event, unaware that compliance needs to have a 365 day-a-year focus," stated Rodolphe Simonetti, managing director, PCI practice, Verizon Enterprise Solutions.

(NOTE:  Video, charts, infographics, full report and cover art are available for download at http://www.verizonenterprise.com/news/2014/02/PCI-Report-2014-Media-Resources.)

However, there is a bright spot in the report: Organizations' initial compliance with the PCI standard has shown some improvement. In 2013, more than 82 percent of organizations were compliant with at least 80 percent of the PCI standard at the time of their annual baseline assessment, compared with just 32 percent in 2012. 

There were also regional differences due to breach notification laws, varying legal requirements and levels of adoption. The Asia-Pacific region took the top spot (75 percent), followed by the U.S. with 56 percent and Europe with 31 percent in meeting at least 80 percent of the PCI requirements.

Areas where businesses struggle the most in achieving initial compliance include: security testing (23.8 percent); security monitoring and the ability to effectively detect and respond to data compromised (17 percent); and protecting stored sensitive data (55.6 percent).

"Anything less than 100 percent compliance is an issue for businesses today," said Simonetti. "We have seen time and time again that noncompliance leaves an organization open to credit card theft, which can potentially cost hundreds of millions of dollars when you factor in all the damages, not to mention lost consumer trust and the impact on brand reputation. Organizations need to rethink how they factor in maintaining a PCI-compliant environment, whether it's devoting more resources or working with a managed security services provider."

Report Takes In-Depth Look at Each of 12 PCI Requirements

In addition the report examines in detail how well organizations comply with each of the 12 specific PCI requirements; provides recommendations that organizations can implement to help them earn and maintain compliance; and explains how noncompliance with each requirement can lead  to a data breach.

Simonetti points out that "compliance activities should be planned; integrated with largest organizational wide governance, security and compliance initiatives; and automated as much as possible to help ensure compliance is sustainable and cost effective."

PCI Report Findings Based on Actual PCI Assessments

The report is based on findings from hundreds of PCI DSS assessments conducted by Verizon's team of PCI Qualified Security Assessors, from 2011 through 2013. Like Verizon's Data Breach Investigations Report (DBIR) series, the PCI Compliance Report is based on actual casework and is believed to be the only report of its kind in the industry. This report analyzes PCI Data Security assessment data, with a specific focus on the retail, financial services and hospitality industries across North America, Europe and the Asia-Pacific region.

Verizon Communications Inc. (NYSE, Nasdaq: VZ), headquartered in New York, is a global leader in delivering broadband and other wireless and wireline communications services to consumer, business, government and wholesale customers. Verizon Wireless operates America's most reliable wireless network, with nearly 103 million retail connections nationwide. Verizon also provides converged communications, information and entertainment services over America's most advanced fiber-optic network, and delivers integrated business solutions to customers in more than 150 countries. A Dow 30 company with more than $120 billion in 2013 revenues, Verizon employs a diverse workforce of 176,800. For more information, visit www.verizon.com.

VERIZON'S ONLINE NEWS CENTER: Verizon news releases, executive speeches and biographies, media contacts and other information are available at Verizon's online News Center at newscenter.verizon.com. The news releases are available through an RSS feed. To subscribe, visit newscenter.verizon.com/corporate/feeds.

SOURCE Verizon

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
In high-production environments where release cycles are measured in hours or minutes — not days or weeks — there's little room for mistakes and no room for confusion. Everyone has to understand what's happening, in real time, and have the means to do whatever is necessary to keep applications up and running optimally. DevOps is a high-stakes world, but done well, it delivers the agility and performance to significantly impact business competitiveness.
ScriptRock makes GuardRail, a DevOps-ready platform for configuration monitoring. Realizing we were spending way too much time digging up, cataloguing, and tracking machine configurations, we began writing our own scripts and tools to handle what is normally an enormous chore. Then we took the concept a step further, giving it a beautiful interface and making it simple enough for our bosses to understand. We named it GuardRail after its function - to allow businesses to move fast and stay sa...
SYS-CON Media announced today that Sematext launched a popular blog feed on DevOps Journal with over 6,000 story reads over the weekend. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. DevOps Journal brings valuable information to DevOps professionals who are transforming the way enterprise IT is done. Sematext is a globally distributed organization that builds innovative Cloud and On Premises solutions for performance monitoring, alerting an...
"BSQUARE is in the business of selling software solutions for smart connected devices. It's obvious that IoT has moved from being a technology to being a fundamental part of business, and in the last 18 months people have said let's figure out how to do it and let's put some focus on it, " explained Dave Wagstaff, VP & Chief Architect, at BSQUARE Corporation, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
The major cloud platforms defy a simple, side-by-side analysis. Each of the major IaaS public-cloud platforms offers their own unique strengths and functionality. Options for on-site private cloud are diverse as well, and must be designed and deployed while taking existing legacy architecture and infrastructure into account. Then the reality is that most enterprises are embarking on a hybrid cloud strategy and programs. In this Power Panel at 15th Cloud Expo (http://www.CloudComputingExpo.com...
Leysin American School is an exclusive, private boarding school located in Leysin, Switzerland. Leysin selected an OpenStack-powered, private cloud as a service to manage multiple applications and provide development environments for students across the institution. Seeking to meet rigid data sovereignty and data integrity requirements while offering flexible, on-demand cloud resources to users, Leysin identified OpenStack as the clear choice to round out the school's cloud strategy. Additional...
Verizon Enterprise Solutions is simplifying the cloud-purchasing experience for its clients, with the launch of Verizon Cloud Marketplace, a key foundational component of the company's robust ecosystem of enterprise-class technologies. The online storefront will initially feature pre-built cloud-based services from AppDynamics, Hitachi Data Systems, Juniper Networks, PfSense and Tervela. Available globally to enterprises using Verizon Cloud, Verizon Cloud Marketplace provides a one-stop shop fo...
The move in recent years to cloud computing services and architectures has added significant pace to the application development and deployment environment. When enterprise IT can spin up large computing instances in just minutes, developers can also design and deploy in small time frames that were unimaginable a few years ago. The consequent move toward lean, agile, and fast development leads to the need for the development and operations sides to work very closely together. Thus, DevOps become...
SYS-CON Events announced today that IDenticard will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. IDenticard™ is the security division of Brady Corp (NYSE: BRC), a $1.5 billion manufacturer of identification products. We have small-company values with the strength and stability of a major corporation. IDenticard offers local sales, support and service to our customers across the United States and Canada...
SYS-CON Media announced today that Aruna Ravichandran, VP of Marketing, Application Performance Management and DevOps at CA Technologies, has joined DevOps Journal’s authors. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. DevOps Journal brings valuable information to DevOps professionals who are transforming the way enterprise IT is done. Aruna's inaugural article "Four Essential Cultural Hacks for DevOps Newbies" discusses how to demonstrate the...
SYS-CON Events announced today that Windstream, a leading provider of advanced network and cloud communications, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Windstream (Nasdaq: WIN), a FORTUNE 500 and S&P 500 company, is a leading provider of advanced network communications, including cloud computing and managed services, to businesses nationwide. The company also offers broadband, p...
SYS-CON Events announced today that AIC, a leading provider of OEM/ODM server and storage solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. AIC is a leading provider of both standard OTS, off-the-shelf, and OEM/ODM server and storage solutions. With expert in-house design capabilities, validation, manufacturing and production, AIC's broad selection of products are highly flexible and are conf...

ARMONK, N.Y., Nov. 20, 2014 /PRNewswire/ --  IBM (NYSE: IBM) today announced that it is bringing a greater level of control, security and flexibility to cloud-based application development and delivery with a single-tenant version of Bluemix, IBM's

The BPM world is going through some evolution or changes where traditional business process management solutions really have nowhere to go in terms of development of the road map. In this demo at 15th Cloud Expo, Kyle Hansen, Director of Professional Services at AgilePoint, shows AgilePoint’s unique approach to dealing with this market circumstance by developing a rapid application composition or development framework.
SYS-CON Events announced today Isomorphic Software, the global leader in high-end, web-based business applications, will exhibit at SYS-CON's DevOps Summit 2015 New York, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Isomorphic Software is the global leader in high-end, web-based business applications. We develop, market, and support the SmartClient & Smart GWT HTML5/Ajax platform, combining the productivity and performance of traditional desktop software ...