2010 Verizon PCI Compliance Report

By: Absolute Team | 10/22/2010

Verizon has just released its 2010 PCI Compliance Report [PDF], which draws on PCI Data Security Standard (PCI DSS) assessments performed by Verizon and examines how organizations are attempting to become compliant. The report also compares companies in a "normal" population against those that have suffered security breaches.

This report does not attempt to argue that the PCI DSS requirements are too high or too low; instead it looks at how companies are attempting to meet those standards and what issues are holding them back.

"The degree of security that the standard is designed to deliver becomes a baseline that an organization should adhere to; one that assures it is doing its part to address the industry-wide risks present to all participants in the economic system."

Findings from the study include:

  • 22% of organizations were validated as compliant
  • Companies that were found to be compliant had often been found compliant in the past
  • On average, organizations met 81% of test procedures in the PCI DSS stage
  • The requirements that companies struggled most with were
    • track and monitor access
    • regularly test systems and processes
    • protect stored cardholder data
  • Organizations that suffered a data breach were 50% less likely to be compliant
  • All of the top 10 threat actions leading to the compromise of PCI data were within the scope of PCI DSS