BreachExchange mailing list archives

PCI Compliance does give protection against data breaches


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 7 Oct 2010 02:00:08 -0400

http://www.itwire.com/business-it-news/security/42297-pci-compliance-does-give-protection-against-data-breaches

Based on a sample of 200, Verizon Business determined that those
organisations suffering some kind of data breach were 50% less likely
to be PCI compliant.

The Payment Card Industry Data Security Standard (PCI-DSS) is a
wide-ranging set of rules, procedures and technical implementations
that help to ensure the security and confidentiality of credit card
information in the hands of vendors and other payment processing
organisations.

It has always been assumed that the greater adherence an organisation
has to PCI-DSS, the more resilient it would be to an attack.  Verizon
Business' research into the topic conducted by its team of Qualified
Security Assessors in the execution of site assessments gives real
insight into levels of compliance and the likelihood of intrusion.

"The Verizon Payment Card Industry Compliance Report gives
organisations an unprecedented view into the state of PCI compliance
across the board, specifically pointing out which requirements are
most difficult to meet," said Peter Tippett, vice president of
technology and innovation at Verizon Business.

"We hope this report will help organisations approach PCI compliance
in a more informed and effective way.  Ultimately, we want the same
thing as the rest of the industry:  fewer payment card losses and data
breaches."

According to the report:

Only 22 percent of organisations are compliant initially. Most
organisations were not compliant with the PCI requirements at the time
of the Initial Report on Compliance, when Verizon QSAs first evaluate
an organisation against the standard.  The majority of the fully
compliant organisations were veterans of the process or were not
required to comply with all of the requirements.

Compliance, however, is in reach.  While 78 percent of organisations
are not compliant initially, the findings show that, on average,
organisations meet 81 percent of the procedures required by PCI.  In
fact, three-quarters of the organisations met at least 70 percent of
the testing procedures, meaning that with more diligence, they have a
good chance of becoming compliant.  Only 11 percent of organisations
met less than half the testing procedures at the time of their initial
review.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
