Executives in trouble, public scrutiny and lost revenue are major effects of a data breach. Customers want answers and accountability after their information is compromised; as a result, we see numerous statements and public apologies. While the aftermath makes up most of the media coverage, there is not a lot of information about the procedures in place before the breach.
Verizon Wireless released their fourth Payment Card Industry (PCI) Compliance report on March 12 that analyzes the preparedness of companies and how information technology is changing. The PCI Security website explains “the PCI Data Security Standard (PCI DSS) provides an actionable framework for developing a robust payment card data security process -- including prevention, detection and appropriate reaction to security incidents.”
This raises the question: how do companies stack up when it comes to preventing, detecting and reacting to security breaches? According to Verizon’s report, “of all the companies investigated by our forensics teams over the last 10 years following a breach, not one was found to have been fully PCI DSS compliant at the time of the breach.”
Does the data convey that it is unrealistic to be compliant? Zero is a staggering statistic, but compliance is attainable. The study emphasizes that “compliant” and “secure” are not interchangeable terms. Being PCI DSS compliant means following the regulations and sustaining them. However, “being secure” is difficult to determine, because safe and guarded systems can be compromised. Mobile technology has made a breach as easy as leaving your unlocked phone at Starbucks or as difficult as hacking the government.
Achieving and remaining compliant is more than following a set of regulations. After a breach, companies face high costs in legal fees, damaged brand reputation and lost customer trust, but they can prevent or lessen the damage by staying compliant. At EVS we value the importance of a business that “Knows their Customers” and want to help maintain relationships with our Identifraud Compliance.