Only 10% of British businesses currently comply with the PCI DSS 3.0 standard with less than six months left until it comes into force, warns Cognia. The provider of cloud communications intelligence solutions urges organisations not to underestimate their responsibilities ahead of the 31st December 2014 deadline.
With the release of PCI DSS 3.0, the PCI Security Standards Council wants to bring about a sea change that will involve a ‘structured, predictable and continuous’ approach to PCI compliance. The new PCI DSS compliance standard aims to create an actionable ‘business as usual’ framework that outlines techniques for prevention, detection and response to card detail security incidents.
‘Achieving compliance with 3.0 is not to be underestimated,’ says Curtis Nash, CEO of Cognia. ‘Since its 2004 inception, the standard has been presented as 12 key requirements, and each has undergone substantial development. Even if you maintained strict compliance, you may well fall short of what is required now, especially with changes to people, processes and systems. 3.0 should be seen by businesses as an opportunity to protect brand and enhance customer experience.’
The TK Maxx breach and the attack on US retailer Target have prompted a need for a wider, more holistic approach to PCI. Many of the enhanced standards focus on employee education and awareness: eliminating the use of default passwords, the writing down of payment card details, exposure to phishing scams and the failure to use approved encryption methods. This comprehensive compliance ideology also comes with a need for regular testing of systems, something that historically has required increasing amounts of time, money and expertise.