Is PCI Compliance Just Too Complex?
Many businesses are extremely susceptible to data breaches.
Turn on the screen, open the newspaper or scroll through social media and you’re sure to see a headline about another hack or security breach. Why? Many businesses are extremely susceptible to data breaches, and the worst part is that it’s at their customers’ expense. Take a look at these three major data breaches from the past and the heavy fallout:
Here’s the kicker: these breaches could have been avoided through PCI compliance. Inadequate software solutions and policies created a major gap in security for Home Depot, and the antivirus software in use failed to monitor the network for unusual behavior. The Chipotle hack could have been avoided with stronger security measures and better monitoring systems. And reports show TJX Companies failed to comply with nine out of the twelve PCI requirements.
So, if hackings are on the rise and businesses know they’re vulnerable, what’s going on? Is PCI compliance just too complex?
PCI is comprised of 12 security requirements, and while the number of businesses achieving full compliance with their annual review reached a record of 55.4 percent last year, nearly half of companies fall out of compliance within a year. Once you’ve reached compliance, the challenging part is maintaining it. You need routine testing and the ability to recognize and remediate any issues quickly.
The truth is, PCI compliance isn’t too complex. You just need a dedicated expert who understands the requirements. We don’t want you to become the next big headline about another data breach; the consequences are too great.
Creswell, J. (2014, Sept 19). Ex-Employees Say Home Depot Left Data Vulnerable. Retrieved from https://www.nytimes.com/2014/09/20/business/ex-employees-say-home-depot-left-data-vulnerable.html
Kollmeyer, B. (2017, May 30). Chipotle’s Data Breach: How to Tell if You May Have Been a Victim. Retrieved from https://www.marketwatch.com/story/chipotles-data-breach-how-to-tell-if-you-may-have-been-a-victim-2017-05-27
Vijayan, J. (2007, Oct 26). TJX Violated Nine of 12 PCI Controls at Time of Breach, Court Filings Say. Retrieved from https://www.computerworld.com/article/2539588/security0/tjx-violated-nine-of-12-pci-controls-at-time-of-breach--court-filings-say.html
Kawamoto, D. (2017, Aug 31). Verizon Report: Businesses Hit with Payment Card Breaches Not Fully PCI-Compliant. Retrieved from https://www.darkreading.com/endpoint/verizon-report-businesses-hit-with-payment-card-breaches-not-fully-pci-compliant/d/d-id/1329778?piddl_msgorder=asc