Most Security, Compliance Pros Don't Meet PCI DSS 3.0
Proficio's new Payment Card Industry Data Security Standard (PCI DSS) 3.0 readiness survey of 129 security and compliance professionals revealed that fewer than half of all respondents meet PCI DSS 3.0. Here are the details.
December 30, 2014
A new survey from managed security service provider (MSSP) Proficio has revealed the majority of security and compliance professionals do not meet Payment Card Industry Data Security Standard (PCI DSS) 3.0.
Proficio’s PCI DSS 3.0 readiness survey of 129 security and compliance professionals, released today, showed that only 43 percent of respondents said they currently meet PCI DSS 3.0.
Researchers, however, also found that 90 percent of respondents said they are moderately to highly confident that they will be fully compliant with PCI DSS 3.0 by June 30, 2015.
Other survey results included the following:
34 percent of respondents said they do not currently meet PCI DSS 3.0, and 23 percent said they do not know if they comply with this standard.
Of respondents who use managed service providers (MSPs), 43 percent said they had formally documented which PCI DSS requirements were managed by their MSP(s) and which were managed in-house.
When asked about the biggest challenges organizations face in meeting PCI DSS 3.0, the three most frequent responses were ensuring service providers meet new requirements, the increased requirement for security monitoring and completing a risk-assessment/penetration test.
“The results of our survey show that there is still work to be done by organizations striving to meet the latest PCI requirements,” Proficio CEO Brad Taylor said in a prepared statement.
Proficio’s PCI DSS 3.0 readiness survey included responses from security and compliance professionals in education, financial services, government, healthcare, retail and other sectors.
What is PCI DSS 3.0?
Employees who are directly involved in processing customer payments are most often responsible for internal breaches, the PCI Security Standards Council said, and PCI DSS 3.0 offers service providers best practices to help them avoid payment security issues.
“PCI 3.0 increases the demands on organizations to improve payment card data security and further emphasizes the need for continuous security monitoring,” Taylor added.
The PCI Security Standards Council recently noted 90 percent of security professionals recommend PCI DSS for payment security.
Council officials also pointed out that PCI DSS 3.0 gives MSPs the flexibility to choose the payment security approach that works best for their businesses.