Nearly 80 percent of all businesses fail their interim Payment Card Industry (PCI) compliance assessment, leaving them vulnerable to cyberattacks, according to Verizon’s 2015 PCI Compliance Report.
Based on actual casework, the report examines the state of Payment Card Industry Data Security Standard compliance and its correlation to data breaches in financial services, retail, travel, hospitality and other industries.
This year’s report covers four years of data and includes the results from thousands of PCI assessments conducted by Verizon’s team of PCI-qualified security assessors for Fortune 500 and large multinational firms in more than 30 countries.
Key Findings From This Year’s Report:
- Only 28 percent of companies are still fully PCI DSS-compliant less than a year after being validated.
- However, twice as many companies were validated as compliant during their initial compliance review in 2014, as compared with 2013.
- Between 2013 and 2014, compliance increased for 11 of the 12 PCI DSS Requirements (with an average increase of 18 percentage points).
- The biggest jump in compliance was in authenticating access (Requirement 8), but compliance fell in testing security systems (Requirement 11).
The 2015 report includes details on how and where companies fall out of compliance once they have achieved it. It also includes a section explaining “how to make compliance easier,” featuring actionable recommendations for enterprises that want to stay PCI compliant.