So, it has transpired, according to a poll by SentryBay, that 50% of companies have failed or are not compliant with the Payment Transactions Security Standard as they struggle to keep pace with the evolving security landscape.
According to the poll by SentryBay (a UK-based cybersecurity software company), the infrastructure of over 21% of surveyed companies has failed key PCI (payment card industry) compliance assessments, which are designed to help them maintain high security standards when processing customer card payments.
In addition, a further 29.3% said that they had no confidence in their own company’s compliance when it came to PCI DSS.
Now, a quick Google tells me that PCI DSS applies to ‘all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. If you are a merchant who accepts or processes payment cards, you must comply with the PCI DSS.’
So, no one should be getting away with this, let alone 50% of the companies using our card data.
The poll, which was carried out earlier this month on Twitter amongst cybersecurity professionals, also found that there was a lack of confidence in the PCI standards within today’s hybrid working environments.
More than 50% said that they either believed PCI regulations were not relevant or that they needed adjusting to suit current working models.
The PCI DSS standard mandates that organisations maintain a secure network and systems to host transactions, including a properly configured network firewall to protect cardholder data, and restrict data access to those with a genuine business need.
This is proving difficult, as the SentryBay poll found out. When asked what the biggest challenges were to ensuring compliance, 30.7% said it was too complex, while 23.6% thought that the contradictions of the process were the biggest barrier.
For businesses that are trying to manage their evolving security landscapes as the workforce remains in flux following the pandemic, addressing the numerous security requirements of PCI is a daily task.
Over 24% of respondents said that educating employees on PCI compliance was their biggest challenge.
Dave Waterson, CEO at SentryBay, said, “Data security and compliance are common challenges across every touch point of the customer journey and companies should have more confidence in the standards and their own ability to adhere to them, however tasking this is.
“Organisations should work towards being compliant and secure simultaneously by changing their culture to address the layers of security required to meet standards.”
And yes, organisations should be doing all of this; however, I can’t imagine 50% would be deliberately avoiding these standards. If 24% said educating their employees was their ‘biggest challenge’, and with over 30% citing the standards as ‘too complex’, perhaps it’s time for the PCI Security Standards Council to make a few adjustments of their own and meet these organisations halfway?