Most Security, Compliance Pros Don't Meet PCI DSS 3.0
Proficio's new Payment Card Industry Data Security Standard (PCI DSS) 3.0 readiness survey of 129 security and compliance professionals revealed less than half of all respondents meet PCI DSS 3.0. Here are the details.
A new survey from managed security service provider (MSSP) Proficio has revealed the majority of security and compliance professionals do not meet Payment Card Industry Data Security Standard (PCI DSS) 3.0.
Proficio’s PCI DSS 3.0 readiness survey of 129 security and compliance professionals, released today, showed that only 43 percent of respondents said they currently meet PCI DSS 3.0.
Researchers, however, also found that 90 percent of respondents said they are moderately to highly confident that they will be fully compliant with PCI DSS 3.0 by June 30, 2015.
Other survey results included the following:
34 percent of respondents said they do not currently meet PCI DSS 3.0, and 23 percent said they do not know if they comply with this standard.
Of respondents that use managed service providers (MSPs), 43 percent said they had formally documented which PCI DSS requirements were managed by their MSP(s) and which were managed in-house.
When asked what are the biggest challenges facing organizations in meeting PCI DSS 3.0, the three most frequent responses were ensuring service providers meet new requirements, the increased requirement for security monitoring and completing a risk-assessment/penetration test.
“The results of our survey show that there is still work to be done by organizations striving to meet the latest PCI requirements,” Proficio CEO Brad Taylor said in a prepared statement.
Proficio’s PCI DSS 3.0 readiness survey included responses from security and compliance professionals in education, financial services, government, healthcare, retail and other sectors.
What is PCI DSS 3.0?
PCI DSS 3.0 is designed to help organizations make payment security “business-as-usual,” according to the PCI Security Standards Council.
Employees who are directly involved in processing customer payments are most often responsible for internal breaches, the PCI Security Standards Council said, and PCI DSS 3.0 offers service providers best practices to help them avoid payment security issues.
“PCI 3.0 increases the demands on organizations to improve payment card data security and further emphasizes the need for continuous security monitoring,” Taylor added.
The PCI Security Standards Council recently noted 90 percent of security professionals recommend PCI DSS for payment security.
Council officials also pointed out that PCI DSS 3.0 gives MSPs the flexibility to choose the payment security approach that works best for their businesses.
Share your thoughts about this story in the Comments section below, via Twitter @dkobialka or email me at [email protected].
About the Author
You May Also Like