
PCI DSS

1 - PCI DSS Compliance Trends

Over the past three years, overall average compliance grew from 53% to 94%, an increase of 77%. Over the same period, full compliance increased from less than 8% to 20%, a 167% change.

2 - PCI DSS Compliance Improves Somewhat in 2014

The number of organizations that achieved full compliance grew from 11% in 2013 to 20% in 2014, reducing the number that were non-compliant from 89% to 80%.

3 - State of PCI DSS Compliance

More than 90% of all controls, subcontrols, and testing procedures were passed by 80% of companies, a significant increase from last year. Only 25% were passed by all companies assessed, and the highest any control scored in 2013 was 98%.

4 - The Nature of PCI DSS Compliance

On average, compliance with 11 of 12 PCI DSS requirements increased 18 percentage points. The biggest increase was in authenticating access. The only area where compliance fell was testing security systems.

5 - Reduction in Scope

A full 87% reported making some effort to take data out of scope for PCI DSS compliance using a variety of methods. Another 62% reported moving affected data beyond their control by relying on third-party providers. A full 96% are also using firewalls and routers to control access to data.

6 - Spear-Phishing the Password

Four out of five breaches stemmed from authentication-based tactics, where attackers attempted to guess, crack or reuse valid credentials.

7 - Unencrypted Data Is Primary Target

Attackers often focus on compromising stored data. Almost half (48%) of compromises related to payment card data breaches involved data that was unencrypted.

8 - Use of Anti-malware Software

This is the only control category that witnessed a drop in compliance, from 96% to 92% in 2014.

9 - Managing the Insider Threat

A full 96% of companies were compliant in limiting data access to just those individuals whose job requires such access.

10 - The Ultimate Fail

Of all the data breaches investigated by Verizon in the last 10 years, not a single company has been found to be fully compliant at the time of the breach.
