How to prevent credit card data breaches?

CIOL Bureau

BASKING RIDGE, USA: While credit card data breaches remain all too common, a new report from Verizon Business shows that following industry security standards can dramatically reduce such incidents.

In a first-of-its-kind “Verizon Payment Card Industry Compliance Report,” the company examines the state of compliance with the Payment Card Industry Data Security Standard (PCI DSS), which was created in 2006 to protect cardholder data and reduce credit card fraud.  Company investigators found that breached organizations are 50 percent less likely to be PCI compliant and that only 22 percent of organizations were PCI compliant at the time of their initial examination.

Recommendations

Best practices found in fully compliant organizations include:

· Build security in. Security needs to be built into business processes from the beginning, not added on. Organizations that adhere to this practice typically spend fewer resources and achieve more value from their compliance activities.

· Do not separate compliance and security. Organizations that align compliance and security tend to more easily achieve compliance with security regulations such as PCI DSS. Compliant organizations also tend to have one compliance and security management team, or have two teams that are highly collaborative.

· Treat compliance as a continuous process, not a point-in-time event. Organizations should incorporate PCI activities into their daily business operations. Organizations get into trouble when they approach PCI as a monthly, quarterly or yearly project.

· Control data closely. “Scope creep” — where companies add activities above and beyond the PCI requirements in an attempt to ensure compliance — is a common problem with assessment activities. Discovering, tracking and managing data is essential. The larger the scope of the assessment, the more costly and difficult it is for the organization to perform.
