41 percent surveyed aware of PCI DSS 3.0 but have no plans in place, while 70 percent of respondents still unaware of the looming deadline for PCI DSS 3.0 compliance
In a rolling survey to assess the awareness, acceptance and understanding of PCI DSS 3.0, just 30 percent of respondents say they have reviewed all requirements and have a plan in place, while 41 percent claim to have heard of PCI DSS 3.0 but have no specific plan for compliance. When asked to name the exact date by which they need to be PCI DSS 3.0 compliant, 70 percent of respondents remain unaware of the standard’s deadline.
When questioned over compliance with existing PCI DSS 2.0 standards, 77 percent of managers believe their businesses are currently PCI-compliant, 17 percent are unsure, while six percent admit that they may not be compliant. With regard to the drivers behind PCI compliance, the strongest incentive is that it makes ‘good business sense’ (77 percent), followed by a ‘sense of responsibility’ (71 percent), fear of reputational damage (65 percent) and fines (53 percent).
When asked whether details specific to PCI DSS 3.0 are ‘essential’ to protect cardholder data, 47 percent agree while over a fifth (23 percent) do not regard 3.0 as ‘essential’ in protecting cardholder data. The majority (65 percent) of respondents see PCI compliance as part of overall security strategy and not a standalone or self-contained exercise. Just 11 percent consider PCI compliance as separate to overall security strategy. 42 percent of respondents have completed a full PCI scope assessment in the last year, 21 percent completed a scope assessment in the last six months and 36 percent of respondents do not know the date of their last assessment. The 77 percent who believe they are PCI DSS compliant should be conducting annual assessments as required.
All businesses surveyed admit some concerns over PCI compliance, with the most prevalent being an understanding of PCI DSS 3.0 requirements (53 percent). Other worries expressed by the business managers surveyed include: educating employees (41 percent); budget allocation (42 percent); meeting PCI deadlines (40 percent); and resource allocation (35 percent).
“PCI DSS version 3.0 is a major stride forward,” said
Surveys were completed by US businesses from
About NTT Com Security
NTT Com Security (formerly Integralis) is a global information security and risk management organization that delivers a portfolio of managed security, business infrastructure, consulting and technology integration services through its WideAngle brand. NTT Com Security helps organizations lower their IT costs and increase the depth of IT security protection, risk management, compliance and service availability. NTT Com Security AG is headquartered in Ismaning,
Source: NTT Com Security