Information Security News mailing list archives

Most Organizations Slipping Out of PCI Compliance Within a Year: Survey


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 29 Sep 2011 00:30:23 -0500 (CDT)

http://www.eweek.com/c/a/Security/Most-Organizations-Slipping-Out-of-PCI-Compliance-Within-a-Year-Survey-553745/

By Fahmida Y. Rashid
eWEEK.com
2011-09-28

Retailers and merchants are still falling short of payment card security requirements, according to a new report.

The latest Payment Card Industry Compliance Report found that a majority of small businesses in the United States, Europe and Asia have fallen short of maintaining compliance with the Payment Card Industry Data Security Standard (PCI-DSS), Verizon Business said Sept. 28. The compliance situation has "neither worsened nor improved," but the results are still "disappointing," the report's authors wrote.

Of the 100 organizations that had been evaluated and validated by Verizon Business in the 2010 report as meeting PCI-DSS requirements, more than 75 percent are no longer compliant, the report found. The organizations had slipped out of compliance over the year, making them vulnerable to cyber-attacks.

There is a glimmer of good news. The report did not find any evaluated organizations that had regressed to having no security at all, but found that they were missing some elements. For an organization to be able to claim to be PCI-compliant, it has to score 100 percent on the audit. The report found that 21 percent scored 100 percent and 37 percent scored 90 percent or higher, meaning that more than half scored 90 percent or better.

[...]

