Survey Shows Companies Not Protecting Consumer Credit Card Data30 Sep, 2009 Response This Week
REDWOOD SHORES, Calif. and TRAVERSE CITY, Mich. – Imperva and the Ponemon Institute released a study showing that despite the payment card industry’s (PCI) data security standard (DSS), companies are still having trouble securing consumers’ identities from theft.
More than 500 U.S. and multi-national IT security practitioners were surveyed. Results show that 71 percent of companies admit to not making data security a top priority and 55 percent admit to only securing credit card information and sensitive information such as social security numbers, driver’s license numbers and bank account details.
However, the survey also shows that companies taking a strategic approach to PCI compliance have fewer data breaches. Based on results, Imperva made recommendations to consumers, businesses and the PCI DSS Council to improve information safety.
Also revealed in the survey, 79 percent of companies have experienced a data breach involving the loss or theft of information. And 60 percent of the respondents don’t think they have sufficient resources to comply with PCI and bring about the necessary security.
“Nobody is in business to be compliant. But there is a silver lining to this survey: if you protect consumers as required by the PCI DSS standard, there is an incredible opportunity to improve your overall security posture,” says Shlomo Kramer, Imperva’s CEO.
By and large, smaller companies (500-1,000 employees) are less compliant with PCI than larger companies: only 28 percent are compliant compared with 70 percent of companies with more than 75,000 employees.