Most Organizations Fall Short On PCI DSS, Verizon Reports

Most Organizations Fall Short On PCI DSS, Verizon Reports: Page 2 of 2

This year's Verizon 2011 Payment Card Industry Compliance Report validates the findings of the first report issued last year: About one in five organizations for which Verizon provided QSA services were fully compliant in their Initial Report on Compliance (IROC), but the balance were found lacking, on average passing about 80% of the QSA evaluation tests.

September 28, 2011

Requirements 3 and 11 were at the bottom in the 2010 report, as well. The continued poor compliance with Requirement 11 is typical of the "set and forget" approach, as opposed to continuous compliance, the report observes, and the lack of security policies, which drive practice, is disturbing.

The strongest requirements in terms of initial compliance were:

Requirement 4: Encrypt transmissions over public networks (72%)

Requirement 5: Use and update anti-virus (64%)

Requirement 7: Restrict access to need-to-know (75%)

Requirement 9: Restrict physical access (55%)

The report notes that with anti-virus, some organizations may use acceptable compensating controls, such as whitelisting technology. The report also found that organizations analyzed in the Verizon Data Breach Investigations Report showed a generally lower rate of PCI compliance across most requirements, indicating a correlation between poor compliance and weak security.

Although only a fifth of the companies were 100% compliant initially, more than a third passed between 90% and 99% of the tests. On the down side, one in five organizations passed fewer than 50% of the tests.

See more on this topic by subscribing to Network Computing Pro Reports Strategy: Security via Compliance (subscription required).

Subsea Cable Alternatives Get Serious Attention

Salvatore Salamone, Managing Editor, Network Computing

April 08, 2024

Subsea cable alternatives can provide a level of comfort for those concerned about disruptions. Realistically, they will continue to play a small, but critical role in the short term.

Technical Debt and the Hidden Cost of Network Management: Why it’s Time to Revisit Your Network Foundations

Lee Howard, Senior Vice President, IPv4.Global

April 05, 2024

Maintaining existing network infrastructures often incurs huge technical debt before newer technologies are adopted over time.

Creating a Global Connectivity Development Strategy: Driving Growth with Low Latency Networks

Veer Passi, Group CEO, Kalaam Telecom

April 03, 2024

Amid ongoing regional uncertainties, telecom infrastructure in the Middle East has expand to include terrestrial low-latency network infrastructure, which offers resilience and agility in navigating political complexities without relying solely on undersea networks.

Most Organizations Fall Short On PCI DSS, Verizon Reports: Page 2 of 2

Tags:

Recommended For You

Subsea Cable Alternatives Get Serious Attention

Technical Debt and the Hidden Cost of Network Management: Why it’s Time to Revisit Your Network Foundations

Creating a Global Connectivity Development Strategy: Driving Growth with Low Latency Networks

Search form

Most Organizations Fall Short On PCI DSS, Verizon Reports: Page 2 of 2

Tags:

Recommended For You

Subsea Cable Alternatives Get Serious Attention

Technical Debt and the Hidden Cost of Network Management: Why it’s Time to Revisit Your Network Foundations

Creating a Global Connectivity Development Strategy: Driving Growth with Low Latency Networks