Infrastructure of over 21% of surveyed companies has failed key PCI compliance assessments, designed to assist them to maintain high security standards when processing customer card payments.
The PCI DSS standard mandates that organizations maintain a secure network and systems to host transactions, including a properly configured network firewall to protect cardholder data, and restrict data access to those with a genuine business need.
Many companies believe that it only applies to payments made via their website, while others believe that simply engaging a payment processor to deal with credit card transactions negates the requirements on them to ensure their own systems are still compliant, and others still think that PCI DSS applies to companies who deal only with large numbers of credit card transactions. If the importance is known exactly then the Compliance will come automatically.
PCI compliance challenges
This is proving difficult, as the poll found out. When asked what the biggest challenges were to ensuring compliance, 30.7% said it was too complex while 23.6% thought that that the contradictions of the process were the biggest barrier.
For businesses that are trying to manage their evolving security landscapes as the workforce remains in flux following the pandemic, addressing the numerous security requirements of PCI is a daily task. Over 24% of respondents said that educating employees on PCI compliance was their biggest challenge.
Data security and compliance are common challenges across every touch point of the customer journey and companies should have more confidence in the standards and their own ability to adhere to them,
Organizations should work towards being compliant and secure simultaneously by changing their culture to address the layers of security required to meet standards.