
Study: Most businesses fail PCI compliance


New York - Nearly 80% of all businesses fail their interim PCI compliance assessment, leaving them vulnerable to cyberattacks. According to Verizon’s 2015 PCI Compliance Report, 69% of all consumers are less inclined to do business with a breached organization, making compliance with Payment Card Industry Data Security Standards (PCI DSS) critical.

Only 29% of companies are still fully PCI DSS-compliant less than a year after being validated. However, almost twice as many companies were validated as compliant during their interim compliance review in 2014 as compared with 2013.

Additional key findings from the report include:

• Between 2013 and 2014, compliance increased for 11 of the 12 PCI DSS controls or, in other words, 60% of companies assessed in 2014 were compliant with any given requirement.

• The average increase in compliance was 18 percentage points.

• The biggest jump in compliance was in authenticating access.

• The only area where compliance fell was testing security systems, from 40% to 33%.

This year’s report covers three years of data and includes the results from PCI assessments conducted by Verizon’s team of PCI Qualified Security Assessors for Fortune 500 and large multinational firms in more than 30 countries.
