Bill Roth, Ulitzer Editor-at-Large


Nearly 80% of Companies Are Not Properly Protecting Cardholder Data

This week, Verizon Business released a report showing that 79% of firms are not compliant with the 12 standards of the Payment Card Industry’s Data Security Standard (PCI DSS). Many of these firms have been PCI-compliant in the past, but have failed to continue to meet the required standards. Verizon’s report shows that firms most commonly have trouble maintaining PCI DSS requirements 3, 10, and 11, which cover protecting cardholder data, tracking and monitoring access to sensitive data, and regularly testing system security and processes.

The PCI Data Security Standard is a relatively low bar as far as security goes. The fact that companies are having a hard time maintaining compliance with it speaks to the sorry state of data security in the Cloud Age. PCI requirement 10 requires companies to log all the activity in their network (and review, secure, and retain these logs as specified). This is not a hard standard to meet—you simply need to start an appliance, point your logs at it, and you’re done!

PCI DSS was enacted six years ago, but it seems many firms are not taking it seriously. This puts the security of their customer cardholder data at risk. In their Data Breach Investigations Report, Verizon found that 89% of companies that suffered a breach were out of compliance with PCI standards. With just 21% of companies staying compliant, the majority of cardholders are at risk of falling victim to a breach. This is our personal information and it is essential for companies to respect their customers and implement decent security.


Categories: PCI, Security


Bill Roth is a Silicon Valley veteran with over 20 years in the industry. He has played numerous product marketing, product management and engineering roles at companies like BEA, Sun, Morgan Stanley, and eBay Enterprise. He was recently named one of the World's 30 Most Influential Cloud Bloggers.