Is PCI Compliance Failing?

April 23, 2014 at 9:39 am 2 comments

Verizon came out with its annual report detailing compliance with the voluntary Payment Card Industry (PCI) standards, which are intended to make sure that merchants and financial service providers take steps to prevent data theft. The results are depressing: only 11 percent of surveyed companies were fully PCI compliant. Despite the fact that PCI has been around for almost a decade, the report concludes that the vast majority of organizations lack the ability to sustain a PCI compliance program.

In addition, the report uses its bluntest language to date in acknowledging that many merchants aren’t doing enough to protect against data theft. Specifically, the report acknowledges the complaints of critics who point out that only the largest merchants have to submit detailed annual compliance reports under the PCI protocols. As a result, “while most merchants are striving to comply with (PCI compliance) in good faith,” the lack of validation of these efforts “can be a problem.”

The system isn’t working, either because data theft is simply too big a problem, because voluntary compliance doesn’t work, or because of a combination of both.

Critics of congressional action on data protection correctly point out that codifying specific requirements could result in a system that doesn’t evolve quickly enough to address emerging challenges. Conversely, this report makes clear that voluntary efforts don’t go far enough. Merchants must be compelled to implement policies and procedures to identify and prevent data theft, just like credit unions. These policies would only have to be commensurate with a merchant’s size and sophistication.

There is no panacea, but commonsense federal action would certainly be a step in the right direction.

Here is a copy of the report.

Entry filed under: Advocacy, Compliance, General.


2 Comments

  • 1. | April 26, 2014 at 6:21 pm

    I won’t tell you anything new, but it is just the same in any other field.
    You would think experience teaches us anything, but alas.
    Disagree if you will, but the world changes, and we have no control over it.
    E.g., if only Barack had any balls to put Putin in his place, but it seems like it’s not happening; welcome WW3.
    Great post, thanks!

  • […] breaches. Every year, a survey is done assessing PCI compliance. As I explained in a previous blog, the most recent survey results indicate that businesses are still not making the commitment to […]


Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association.
