Ponemon and Imperva survey shows firms struggling on payment data security

23 September 2009

Research released today by the Ponemon Institute and sponsored by Imperva, the data security specialist, claims to show that companies are still struggling to protect consumer credit card data.

According to Brian Contos, Imperva's security strategist, 71% of companies are failing to treat the Payment Card Industry Data Security Standard (PCI-DSS) as a strategic initiative, even though 79% of them have experienced a data breach.

Researchers found that 55% of respondent firms do not secure social security numbers, driver's licence numbers, and bank account details.

Interestingly, the research found that consumers are more at risk with smaller businesses.

"We found that, whilst PCI-DSS compliance is of major interest to enterprise users, there's still a way to go with smaller businesses", Contos told Infosecurity.

"The vast majority of companies that need to be PCI-DSS compliant say, however, that they are very receptive to suggestions on compliance, but they are not overly concerned about the issue."

"It's a bit like paying taxes. Companies know they have to abide by the rules, but they don't put an immense amount of effort into the PCI-DSS compliance."

Contos said that the survey also found that companies taking a strategic approach to PCI-DSS compliance have fewer data breaches.

Based on these findings, Imperva is making a number of specific recommendations to consumers, businesses and the PCI-DSS Council to improve the safety of consumers' personal information.

 

 
