Majority of payment card industry (PCI) companies do not comply with the data security standard (DSS), according to the 2014 PCI Compliance Report by communications giant Verizon.
The report, which offers thorough assessment of the security scenario and the threat landscape, is based on hundreds of PCI DSS assessments conducted by Verizon’s team of PCI qualified security assessors in 2011 through 2013.
Go deeper with GlobalData
It revealed that the payment card transactions have become an easy target for attackers, and incidents of data breaches have increased.
Verizon Enterprises Solutions Asia-Pacific head (PCI-DSS) Sabastien Mazas was quoted by PTI as saying that Verizon report has found that too many businesses, after following their annual assessment for meeting PCI DSS, fail to maintain ongoing compliance.
"The report reveals that in most cases, payment card data breaches are not a failure of security technology or of compliance with the PCI DSS, but rather a failure to implement appropriate compliance and security measures as intended," Mazas added.
Verizon Enterprise Solutions PCI Practice managing director Rodolphe Simonetti was quoted by the news agency as saying that many organisations view PCI compliance as a single annual event, but are unaware that the compliance needs to have a 365 day-a-year focus.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalData"However, there is a bright spot in the report. In 2013, more than 82 per cent of organisations were compliant with at least 80 per cent of the PCI standard at the time of their annual baseline assessment, compared to just 32 per cent in 2012," he added.
Region-wise, Asia-Pacific was found to be the most compliant, Mazas said.
