Less than one-third of retailers remain compliant between audits
Businesses that use credit card merchant services are held to PCI compliance standards, but many of them only do the legwork in advance of an audit. With the spate of headline-grabbing breaches, it's easy to see why this is bad business practice. According to Verizon's 2015 PCI Report, only 28.6 percent of retailers remain compliant with PCI standards in the periods between audits. This means that some companies are keeping up with standards imposed on credit card security for only a brief window of time, leaving them open to vulnerabilities for the remainder of the year.
"We see compliance going down day by day, month by month, after the assessment," said Rodolphe Simonetti, managing director for Verizon's compliance consulting. "Compliance is supposed to be supporting security, not just a yearly checklist."
Rather than cramming for an audit as if it were a final exam, integrating PCI standards into business practices at all times is crucial to protecting the data of your customers. Of the 12 core requirements the PCI Data Security Standard sets for compliant companies, the one most likely to go unsatisfied is the requirement that businesses maintain a firewall, reports CSO Online.
Another observation made in the report is that companies are so focused on enhancing security that many of them lack a "resilience" plan in the event of a breach. In addition to following protocols that reduce the likelihood of intrusion, businesses should also have measures in place to deal with the fallout of a breach if and when it happens. The more appropriate and immediate a company's response to a breach is, the more easily the consequences can be contained and rectified.
Despite the practices of many businesses, be sure that your company is among those who take data protection seriously. Contact us today to learn more about PCI compliance requirements.