PCI Compliance Is Not Just an Annual Event
There is one common theme connecting all the companies that have experienced cardholder data breaches over the past five years; not one was in full compliance with the Payment Card Industry Data Security Standard (PCI DSS) at the time of the breach.
The reality is that whilst a number of the affected companies were compliant once, they were no longer compliant at the time of the breach. In fact, reports show that companies potentially lose their full compliance status as quickly as a few weeks after their assessment.
A recent report found that despite an increase of 3.6% in the past year, only 11.1% of organisations that accept card payments complied with PCI DSS in 2013. The report is based on findings from hundreds of PCI DSS assessments conducted by PCI Qualified Security Assessors from 2011 to 2013.
These figures show that businesses have begun to realise the benefits of complying with the security standards, but still have a long way to go.
Why Does PCI Compliance Slip?
Many organisations remain at risk by failing to maintain full PCI compliance and being unable to attain compliance the following year, which often leaves them exposed. There are various reasons for this:
- Cost – Compliance potentially represents a large segment of a business’s annual operational budget
- Time – Attaining compliance is not a quick fix and often takes months to ensure a company is ready for a visit from the QSA
- Resources – The task of becoming compliant or maintaining compliance is often left with a senior member of staff whose time is solely focused on PCI DSS
Unfortunately, Europe is falling behind the rest of the world with only 31% of businesses accomplishing 80% or more of the PCI DSS requirements, as opposed to 75% in Asia and 56% in the US.
Achieving PCI compliance and maintaining it is often seen as an arduous, expensive and time-consuming task. More and more companies are looking to implement cost-effective secure payment solutions that help them achieve and maintain full compliance with PCI DSS, and that’s where we come in.
If you’d like to find out more about our suite of smart PCI solutions, please get in touch with our consultants today.