PCI Compliance: Are UK Businesses Ready

August 30, 2010

The Payment Card Industry Data Security Standard (PCI DSS) will apply to organisations in the UK from September 30th 2010.

The Payment Card Industry Data Security Standard (PCI DSS) is one of the most prescriptive data protection standards ever developed. It addresses the ever-increasing threats to customer cardholder data by requiring specific security controls throughout the cardholder data environment. Certification is pass/fail: an organisation must meet each and every one of the standard's 214 requirements to be certified as PCI compliant.

KEY FINDINGS

  • Only 12% of United Kingdom (UK) organizations processing credit and debit cardholder data are currently certified as being PCI compliant.
  • While 58% of Level 1 merchants have been audited and certified as compliant, that falls to 6%, 8% and 4% for Level 2, 3 and 4 organisations respectively.
  • Over half (57%) of retail organizations admit to not fully understanding the requirements of the Payment Card Industry Data Security Standard (PCI DSS).
  • Brand awareness and fear of reputational damage are significant drivers for achieving PCI compliance.
  • Over three quarters (77%) of organizations have had no difficulty in securing funding and resource to ensure PCI DSS requirements are met.
  • 88% of organizations have senior management on the PCI DSS team or working group—a figure that is 100% for Level 1 organizations.

Source: http://www.tripwire.com/register/?resourceId=9860


Elements of PCI DSS

October 14, 2009

The core elements of PCI DSS are:

– Build and maintain a secure network
– Protect Cardholder Data
– Maintain a Vulnerability Management Programme
– Implement Strong Access Control Measures
– Regularly Monitor and Test Networks
– Maintain an Information Security Policy