More Firms Meeting PCI DSS, but Only Temporarily

By Michael Vizard

Organizations may not exactly be in love with the Payment Card Industry Data Security Standard (PCI DSS), but they are increasingly complying with it with help from solution providers across the channel. The 2015 PCI Compliance Report from Verizon finds that although more companies than ever are attaining PCI DSS compliance, few of them can maintain it since the overall IT environment remains fairly dynamic. "Compliance at a point in time isn't sufficient to protect valuable data and their reputations; organizations must make being proficient at maintaining security controls in a dynamic environment a strategic imperative," the reports explained. "Being able to say that you were compliant three months ago will be of little solace when dealing with the aftermath of a breach." Most of the data being stolen is accessed with credentials that have either been stolen or are easily cracked. Also, much of the stolen data is unencrypted, showing that companies still have work to do to move toward compliance.

This article was originally published on 2015-04-06