Too many businesses are still not fully compliant with payment card security standards, according to a new report released by Verizon Communications.
The Verizon Payment Card Industry (PCI) Compliance Report found that most businesses that accept credit and debit cards struggle to maintain compliance with the standards developed by the PCI Security Council, a group consisting of American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa.
The report is based on findings from more than 100 assessments conducted by Verizon's team of PCI assessors in 2010, as well as data gathered by Verizon's Investigative Response group while investigating real-world payment card data breaches. Verizon found that 21 percent of the global businesses reviewed have successfully maintained PCI compliance.
Businesses are failing to maintain compliance even though they face steep penalties, including fines and increased transaction fees from the credit card brands, the report found. Businesses also now face pressure from their partners, including banks, to demonstrate continued compliance. Many banks are requiring their merchant partners to be in compliance with PCI security standards.
The report also stated that lack of PCI compliance continues to be linked to data breaches. Verizon said that breached organizations are more likely not to be PCI compliant and are more likely to suffer from identity theft and fraud issues.