Three quarters of the enterprises in the Asia Pacific region have met at least 80 percent of the PCI (Payment Card Industry) requirements, Verizon's 2014 PCI Compliance Report revealed. This makes Asia Pacific the most PCI-compliant region, ahead of the United States (56 percent) and Europe (31 percent).
The report analysed PCI Data Security Standard (DSS) assessment data of Verizon's customers in the retail, financial services and hospitality industries across North America, Europe and the Asia Pacific region from 2011 to 2013. PCI DSS is a proprietary information security standard for organisations that handle cardholder information for financial transactions. It comprises 12 requirements that organisations should comply with in order to minimise payment card fraud.
The report found that only 11.1 percent of organisations assessed globally complied with all of the PCI requirements. The areas where businesses struggled the most to achieve initial compliance include security testing (23.8 percent); security monitoring and the ability to effectively detect and respond to data compromise (17 percent); and protecting stored sensitive data (55.6 percent).
By failing to comply with the PCI DSS, organisations increase their risk of data breaches, which might disrupt their business as well as cause them to incur financial penalties and revenue loss. According to a Nilson report, global losses from payment card fraud were more than US$11 billion in 2012. Besides financial losses, a breach could also cause the value of a brand to decline by as much as 17 to 30 percent.
The report also found that most payment card data breaches were due to the organisation's failure to implement appropriate compliance and security measures as intended. To counter this, Rodolphe Simonetti, managing director of PCI practice at Verizon Enterprise Solutions, advises organisations to "integrate compliance activities with organisation-wide governance, security and compliance initiatives". He added that compliance activities should also be "automated as much as possible to help ensure compliance is sustainable and cost effective".