Only 20 percent of payment card-accepting companies complied with the full set of international security standards in 2013, according to a new report from Verizon. The 2014 PCI Compliance Report looked at how hundreds of retailers, hospitality companies, financial service firms and other organizations followed the standards established by the PCI Security Standards Council.
While complying with PCI standards is not required by law, companies that meet those requirements are better prepared to meet other regulatory security requirements. They can also be eligible for better commercial terms from payment card service providers.
Established in 2006, the PCI Security Standards Council is led by five founding members: American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. The group's standards are aimed at protecting the security of customer payment card data.
While few of the surveyed organizations met all 12 of the PCI security standards, a growing number are complying with most of them, the Verizon study found. More than 82 percent of businesses complied with PCI standards in 2013, compared with 32 percent in 2012.
The 2014 report found that businesses struggle most to comply with the requirements for maintaining security policies (55.6 percent), security testing (23.8 percent), and security monitoring and threat detection (17 percent). Compliance also varied from region to region: organizations meeting at least 80 percent of the standards were most common in the Asia-Pacific (75 percent), followed by the U.S. (56 percent) and Europe (31 percent).