Verizon: Retailers fail to maintain PCI compliance

New York – Even when retailers achieve compliance with the Payment Card Industry (PCI) Data Security Standard, they often fail to maintain it. According to the upcoming 2015 PCI Report from Verizon Enterprise Solutions, fewer than one-third of retailers studied were still PCI-compliant less than one year after being validated.



In addition, of all the data breaches studied, Verizon’s findings show that not a single company was fully PCI-compliant at the time of the breach. Two key areas where organizations fall out of compliance include regularly testing security systems and processes and maintaining firewalls.



“Today’s cyber security landscape is changing,” said Rodolphe Simonetti, director of compliance and governance professional services for Verizon Enterprise Solutions. “As a result, organizations need to change the way they approach security. Businesses need to adopt a model that we call ‘resilience,’ which means they must accept they can never be fully secure. There is no silver bullet for data protection.”