Network Computing is part of the Informa Tech Division of Informa PLC
Most Organizations Fall Short On PCI DSS, Verizon Reports
This year's Verizon 2011 Payment Card Industry Compliance Report validates the findings of the first report issued last year: About one in five organizations for which Verizon provided Qualified Security Assessor (QSA) services were fully compliant in their Initial Report on Compliance (IROC), but the balance were found lacking, on average passing about 80% of the QSA evaluation tests.
The report, based on analysis of 2010 audits, produced results comparable with the first report, which was based on cumulative 2008 to 2009 data. This indicates a consistent pattern of enterprise compliance and non-compliance over three years. "The longer you see a certain pattern seems to suggest that pattern points to something real," says Cory Wade, Verizon director of risk intelligence.
Verizon says that the findings indicate a pattern of backsliding after organizations achieve compliance: on average, they fail a fifth of their tests in the following IROC. The organizations that pass all tests initially have continuous compliance programs that they maintain throughout the year.
"If we could plot the compliance level going forward in time, I get a sense it would look like a roller coaster," says Wade. "You have an upswing when the QSA shows up, then they hit peak and start to slide during the remainder of the year."
The report is based on QSA audits of more than 100 Verizon clients, with about 60% based in the United States and most of the rest from Europe with a small Asian representation. The PCI requirements that proved most difficult in terms of compliance of organizations that passed the relevant tests: