Stamford, CT, December 20, 2005 -- A poll released today by Protegrity Corporation, a leading provider of data security management solutions, found that Payment Card Industry Data Security Standard (PCI) compliance is severely lagging at merchants of all levels despite a growing Internet fraud rate.
During a recent Protegrity webcast on “Accelerating PCI Compliance: Real World Experiences and Strategies” featuring Intuit, respondents were asked about the status of their PCI compliance efforts: 45% said they are in the very early stages of the compliance process, while 19% said they have not passed their initial assessment. Only 3% said they have passed an assessment.
“It’s not surprising the number of merchants who are still not in compliance,” says David Taylor, VP Data Security Strategies, Protegrity Corporation. “Many merchants are only now beginning to understand the scope of PCI demands, while others have been postponing compliance because they don’t believe Visa and MasterCard are serious about enforcing the provisions.”
“Unfortunately, while merchants play catch-up, you have a lack of protection of customer and employee data, which leaves them open to data security breaches, identity theft and fraud, as criminals turn stolen identities into cash.”
According to the 7th Annual CyberSource Fraud survey, dollar losses from eCommerce fraud continued to mount for merchants. In 2005, total losses to online fraud will exceed USD 2.8 billion, up from USD 2.6 billion in 2004, with large and midsize merchants finding the issue most difficult to address.
To meet the PCI standards, merchants of all sizes are required to:
1. Install and maintain a firewall configuration to protect data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
3. Protect stored data.
4. Encrypt transmission of cardholder data and sensitive information across public networks.
5. Use and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.
7. Restrict access to data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security.
Merchants and providers who do not comply may receive fines and/or face restrictions—or in severe cases be prohibited from accepting credit cards.
Will PCI compliance lag in 2006?
In a follow-up poll question, respondents were asked how PCI compliance compares with other regulations in terms of 2006 compliance projects: 24% said PCI is one of their most important projects, 25% said PCI is about as important as SOX, 25% said all compliance projects are of equal importance, 15% said PCI ranks behind both federal and state privacy and disclosure laws in importance, and 8% said PCI is just barely on their radar screen.
About Protegrity
Protegrity Corporation provides end-to-end protection for applications and sensitive data that enables companies to deploy comprehensive security policies with centralized management and auditing. Protegrity is committed to protecting sensitive data wherever it resides in today’s highly distributed and heterogeneous computing environments.
Protegrity empowers management to take responsibility for sensitive data by mitigating legal and financial risks associated with security breaches and assuring compliance with regulatory requirements for data security.
For more than eight years, Protegrity’s award-winning technology has enabled customers to address and resolve critical security challenges. Protegrity invented the core technology used for data-level encryption and owns key patents for database and application security and protection. For more information, visit www.protegrity.com or call 203.326.7200.
Secure.Data is a trademark of Protegrity Corporation. All other trademarks are the property of their respective owners.
Please direct all press inquiries to:
Paul Giardina
Protegrity Corporation
1.203.326.7200 x1004
paul.giardina@protegrity.com
Steven Blinn
BlinnPR
212-675-4777
steven@blinnpr.com