Niamh Hayes, Marketing Advisor, PixAlert

PCI DSS - Positive Trends Emerge in Latest Compliance Report

 ‘26% of non-compliant organizations suffered more than five breaches over two-year period’

According to the latest study by the Ponemon Institute, 64% of organizations that are compliant with the Payment Card Industry’s Data Security Standards (PCI DSS) had no breaches involving credit card data over the past two years. At the same time, only 38% of non-compliant organizations reported suffering no breaches involving credit card data over the same period. The 2011 PCI DSS Compliance Trends Study surveyed 670 US and multinational IT security practitioners on PCI DSS compliance; a previous study had been conducted in 2009.

Overall on data breaches, 63% of PCI DSS compliant organizations suffered no more than a single data breach, compared to 22% of non-compliant organizations. Notably, 26% of non-compliant organizations suffered more than five breaches over the same two-year period.  This year’s report also found that two-thirds of respondents have achieved substantial compliance with PCI DSS. This compares with only half of the respondents in a comparable 2009 study. Roughly 25% of respondents in 2009 had not achieved any level of compliance, whereas the percentage dropped to only 16% of those surveyed in 2011.

Although the perception among respondents is that PCI DSS compliance is not working for them (only 12% considered it as having a positive effect on their organisation’s security), very different results were revealed when this was measured against actual data breaches and the impact of being PCI DSS compliant.
It was also highlighted that designating a clear leader to manage the PCI DSS process is critical to its success, and that a key point in achieving and maintaining compliance is not necessarily increasing budgets but using the most cost-effective solution to manage the process.

Data Leakage Prevention (DLP) programs help to secure critical, unsecured and sensitive data by first discovering and identifying the data that needs to be protected. PixAlert provides solutions that enable organisations to gain visibility over credit card holder data held on networks, helping them lessen their PCI DSS scope and reduce time to accreditation and compliance costs. Through a well-defined process, PixAlert’s Critical Data Auditor software helps organisations efficiently discover where their critical and sensitive data is located. The technology rapidly scans networks to discover exposed sensitive data, such as credit card, bank account and social security numbers.

For further information, download PixAlert’s PCI DSS positioning white paper or visit PixAlert's website.

Author: Niamh Hayes, Marketing Advisor, PixAlert

Article Source: InfoSecurity/Ponemon Institute (in association with Imperva)

 
