
NTT Com Security Research Reveals Businesses are not Ready for PCI DSS 3.0

June 9, 2014

41 percent surveyed aware of PCI DSS 3.0 but have no plans in place, while 70 percent of respondents still unaware of the looming deadline for PCI DSS 3.0 compliance

BLOOMFIELD, Conn.--(BUSINESS WIRE)-- Global information security and risk management company NTT Com Security (formerly Integralis) has found that many U.S. businesses are unprepared for the Payment Card Industry Data Security Standard 3.0, or PCI DSS 3.0, as issued by the Payment Card Industry Security Standards Council.

In a rolling survey to assess the awareness, acceptance and understanding of PCI DSS 3.0, just 30 percent of respondents say they have reviewed all requirements and have a plan in place, while 41 percent claim to have heard of PCI DSS 3.0 but have no specific plan for compliance. When asked to name the exact date by which they need to be PCI DSS 3.0 compliant, 70 percent of respondents remain unaware of the standard’s deadline.

When questioned over compliance with existing PCI DSS 2.0 standards, 77 percent of managers believe their businesses are currently PCI-compliant, 17 percent are unsure, while six percent admit that they may not be compliant. With regard to drivers behind PCI compliance, the strongest incentive is that it makes ‘good business sense’ (77 percent), followed by a ‘sense of responsibility’ (71 percent), fear of reputational damage (65 percent) and fines (53 percent).

When asked whether details specific to PCI DSS 3.0 are ‘essential’ to protect cardholder data, 47 percent agree while over a fifth (23 percent) do not regard 3.0 as ‘essential’ in protecting cardholder data. The majority (65 percent) of respondents see PCI compliance as part of overall security strategy and not a standalone or self-contained exercise. Just 11 percent consider PCI compliance as separate to overall security strategy. Of the respondents, 42 percent have completed a full PCI scope assessment in the last year, 21 percent completed a scope assessment in the last six months and 36 percent do not know the date of their last assessment. The 77 percent who believe they are PCI DSS compliant should be conducting annual assessments as required.

All businesses surveyed admit some concerns over PCI compliance, with the most prevalent being an understanding of PCI DSS 3.0 requirements (53 percent). Other worries expressed by the business managers surveyed include: educating employees (41 percent); budget allocation (42 percent); meeting PCI deadlines (40 percent); and resource allocation (35 percent).

“PCI DSS version 3.0 is a major stride forward,” said Christopher Camejo, director of Assessment Services for NTT Com Security. “Since 2004 PCI DSS has been a visible keystone for merchants and other businesses that need to protect sensitive payment card data, but the changes in 3.0 really up the ante from an operational perspective and bring a lot more detail to areas such as scope definition, penetration testing within requirement 11.3, and malware detection practices. From this survey and the conversations that we have in the market, a heightened awareness and broadened scope relating to the cardholder data environment is certainly required. Businesses understandably have concerns over compliance costs and resources, but they must also consider their responsibilities to customers, their reputation and the possibility of fines. The processing, storage and handling of personal and payment card data must be taken seriously by every business.”

Methodology

Surveys were completed by US businesses from April 1, 2014 onwards, with respondents from across New England, the Mid Atlantic, East North Central, South Atlantic, West South Central, Mountain and the Pacific regions.

About NTT Com Security

NTT Com Security (formerly Integralis) is a global information security and risk management organization, which delivers a portfolio of managed security, business infrastructure, consulting and technology integration services through its WideAngle brand. NTT Com Security helps organizations lower their IT costs and increase the depth of IT security protection, risk management, compliance and service availability. NTT Com Security AG is headquartered in Ismaning, Germany, and is part of the NTT Communications Group, owned by NTT (Nippon Telegraph and Telephone Corporation), one of the largest telecommunications companies in the world. For more information, visit http://www.nttcomsecurity.com




For NTT Com Security

Joanie Kindblade, 720-407-6071

Joanie.kindblade@104west.com



Source: NTT Com Security





Source: Business Wire

