VeriSign: Many Short of PCI Standards

VeriSign finds 53% of companies assessed fall short of mandatory security standards

Dark Reading Staff, Dark Reading

September 19, 2007

MOUNTAIN VIEW, Calif. -- As large companies face a Sept. 30 Payment Card Industry (PCI) deadline to lock down their networks and customer data, a new report reveals where many are falling short of mandatory security standards. In fact, more than half of the companies profiled in the report still do not sufficiently protect sensitive consumer information.

The report, published by VeriSign, Inc. (NASDAQ: VRSN), the leading provider of digital infrastructure for the networked world, found that 53 percent of enterprise-class companies do not meet the data security standards established by the PCI. The report also lists the top 10 reasons companies fail PCI data security audits. PCI security standards apply to all companies that store, process and transmit credit and debit card payment information.

VeriSign’s Global Security Consulting team, which authored the report, found that companies are struggling to comply with PCI standards in several key areas, including regular testing, securing applications, logging and protecting data. In fact, regular testing was the chief failure point for audited companies, with 48 percent failing that requirement.

VeriSign based its report findings on 60 recent PCI audits involving 50 different large companies. Unless they pass the audits, which evaluate how well companies comply with more than 230 data security requirements, the firms may face stiff fines or risk losing their ability to process credit card transactions. The Sept. 30 compliance validation deadline to avoid fines and/or higher interchange fees was set for all merchants and service providers by VISA USA as part of its Compliance Acceleration Program[1].

"To live up to the trust of their customers, companies in the payment card industry need to implement enterprise-wide security processes and controls to protect card data and other sensitive customer information," said John Pescatore, vice president, Gartner Inc. "The key to making PCI DSS compliance less cumbersome and less complex is to build security into ongoing operations."

VeriSign Inc. (Nasdaq: VRSN)
