A new report into how companies are coping with the Payment Card Industry Data Security Standard (PCI DSS) has found that a large number of businesses dealing with significant numbers of transactions on a daily basis are failing to comply to the regulations, leaving themselves open to exploitation and data loss.
Verizon commissioned the study and said that those firms who exhibited a willingness to comply with the PCI DSS, were much less at risk of security breaches and data loss than those who were failing to meet with the expectations of the regulators.
The results of the study confirmed that of the businesses who had seen their systems breached, there was a 50 per cent greater chance of it occurring if noncompliance was noted.
Twenty-two per cent of firms which handle payment card data were found to be inadequately prepared and failed to meet the stringent requirements of the PCI DSS. However among these there were still many businesses which had in place the necessary measures to match the PCI DSS’ most significant rulings.
Seventy-five per cent of respondents to the study were found to have complied with around 70 per cent of the PCI DSS requirements.
Verizon surmised that although compliance can be patchy and inconsistent, the areas in which it is most lacking are those that expose firms to the greatest threat of data loss. Many firms showed that they could not actively record the individuals accessing the network. Issues such as failing to regularly test the strength of security of payment card transactions and data storage were also common.
Experts believe that many firms which fail to comply with the PCI DSS should review their policies and set in place systems which will allow them to stay within the remit of the regulations over a long period, rather than as a one-off blitz to improve security that will not be effective over time.
Verizon’s Peter Tippett said that the study was intended to act as an incentive for businesses to review the PCI DSS and tweak internal policies to ensure compliance.