David Heath
Wednesday, 06 October 2010 12:25
Based on a sample of 200, Verizon Business determined that those organisations suffering some kind of data breach were 50% less likely to be PCI compliant.
One might read this and say, well, quelle surprise! However, there is more to the story than the obvious causal connection.
The Payment Card Industry Data Security Standard (PCI-DSS) is a wide-ranging set of rules, procedures and technical implementations that help ensure the security and confidentiality of credit card information in the hands of vendors and other payment processing organisations.
It has always been assumed that the more closely an organisation adheres to PCI-DSS, the more resilient it will be to attack. Verizon Business' research into the topic, conducted by its team of Qualified Security Assessors during site assessments, gives real insight into levels of compliance and the likelihood of intrusion.
"The Verizon Payment Card Industry Compliance Report gives organisations an unprecedented view into the state of PCI compliance across the board, specifically pointing out which requirements are most difficult to meet," said Peter Tippett, vice president of technology and innovation at Verizon Business.
"We hope this report will help organisations approach PCI compliance in a more informed and effective way. Ultimately, we want the same thing as the rest of the industry: fewer payment card losses and data breaches."
Details from the report and conclusions drawn appear on the next pages.