Security News > 2021 > July > 1 in 5 companies fail PCI compliance assessments of their infrastructure

1 in 5 companies fail PCI compliance assessments of their infrastructure
2021-07-13 03:00

According to a recent poll by SentryBay, the infrastructure of over 21% of surveyed companies has failed key PCI compliance assessments, designed to assist them to maintain high security standards when processing customer card payments.

A further 29.3% said that they had no confidence in their own company's compliance when it came to PCI DSS. Lack of confidence in the PCI standards.

"There is still a lot of confusion amongst many companies as to what PCI DSS means to them. Many companies believe that it only applies to payments made via their website, while others believe that simply engaging a payment processor to deal with credit card transactions negates the requirements on them to ensure their own systems are still compliant, and others still think that PCI DSS applies to companies who deal only with large numbers of credit card transactions. Once companies do understand what is required from them they can address their compliance requirements much easier," Brian Honan, founder of BH Consulting, told Help Net Security.

"However, there are also a cohort of companies who had their IT infrastructures evolve over the decades without key controls such as network segmentation or clear understanding of where credit card data is stored within their environment. These companies now face the challenge of trying to comply with PCI DSS, and other regulations, as they basically need to re-engineer their current environments and retrofit security controls onto existing systems. I believe there is a large onus on the PCI Security Standards Council, the payment processors, and indeed other regulators to better educate and make organisations aware of their obligations and how they can meet those obligations," Honan concluded.

Over 24% of respondents said that educating employees on PCI compliance was their biggest challenge.

Dave Waterson, CEO at SentryBay, said: "Data security and compliance are common challenges across every touch point of the customer journey and companies should have more confidence in the standards and their own ability to adhere to them, however tasking this is. Organizations should work towards being compliant and secure simultaneously by changing their culture to address the layers of security required to meet standards."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/MUOzsrtIPZ8/