A new study has analysed trends in compliance with the Payment Card Industry Data Security Standards (PCI DSS) and has found that encryption at both ends of any transaction is the best way for vendors and consumers to remain protected.
Research by the Ponemon institute has found that although general audits find very small numbers of businesses to be in breach of PCI DSS rules, up to 41 per cent are relying on stopgap measures to get through audits, leaving themselves vulnerable when not under scrutiny.
A spokesperson for the Ponemon institute spoke about the findings of the report, saying that industry experts acknowledged that the diversity of technology and the rigour of the PCI DSS made it difficult for some businesses to comply. In some cases businesses are actually putting their customers’ data at risk because they are too focused on compliance and consequently ignore the more obvious flaws.
The report shows that most believe that businesses have trouble restricting access to customer data when it is necessary to share certain elements within an organisation or amongst multiple parties.
The total protection of payment card information from the end user to the receiving firm and back is always a hot topic and the report found that 60 per cent of experts are convinced that encryption of the data at both ends is the best way in which to ensure the necessary security to meet regulations.
Encryption brings its own problems with it and the most pressing issue here is how to manage and to safeguard the keys which allow businesses access to the payment card information of their customers.
Businesses are being urged to work hard at adhering to the PCI DSS without becoming blinded to data security issues in the wider context. With greater protection for customers, businesses are protecting their own reputations and futures and compliance should go some way towards cutting costs.
Those businesses that pay for independent audits to ensure compliance can spend up to £334,000 each year, although the average is a more manageable £170,000 for the very largest organisations.
