News Feature | January 16, 2015

NRF Attendees Get Preview Of Verizon 2015 PCI Report

By Trisha Leon, contributing writer

Payment Security for SMB

The Verizon Enterprise Solutions 2015 PCI Report is due out in February, but National Retail Federation Big Show Attendees on Monday had the opportunity to learn initial findings from the report. The report correlates Payment Card Industry (PCI) Data Security Standard compliance with data breaches occurring at retail businesses or restaurants. 

The study shows only one-third of companies that achieved PCI DSS compliance remained in compliance within a year, and of all of the data breaches studies, not one was fully PCI-compliant when the breach occurred. Two notable areas of noncompliance are failure to regularly test security and processes and failure to maintain firewalls.

Rodolphe Simonetti, director of compliance and governance professional services for Verizon Enterprise Solutions says “organizations need to change the way they approach security. Businesses need to adopt a model that we call ‘resilience’ which means they must accept they can never be fully secure.”

Simonetti says companies must look at security as a whole, making sure safeguards are in place, preparing for the event of a breach with a plan to mitigate its impact, planning to restore security infrastructure after a breach, and returning to normal operations as soon as possible.

The soon-to-be-released 2015 PCI report is based on three years of data and thousands of PCI assessments, mostly from Fortune 500 and large multinational companies. It also provides information on each of the 12 PCI requirements, as well as compliance with the 3.0 standard that became mandatory on Jan. 1, 2015.

Last year’s Verizon Enterprise Solutions 2014 PCI Report states, “With version 3.0, PCI DSS is more mature than ever, and covers a broad base of technologies and processes such as encryption, access control, and vulnerability scanning to offer a sound baseline of security. The range of supporting standards, roadmaps, guidance, and methodologies is expanding.” The 2014 PCI Report is still available; you can access it at www.verizonenterprise.com/pcireport/2014/.