
The majority (70.7 percent) confirmed they are aware of the new standard, which implies that the majority are prepared for or are working towards meeting the requirements. However, when respondents were asked if they knew that PCI DSS 2.0 contains significant changes and clarifications relating to the expected network architecture and virtualization, only 36.2 percent said yes.
A huge 63.8 percent were partially or completely unaware of the new requirements, meaning their PCI compliance could be at risk or, at the very least, isn’t as thorough or as up to date as it should be.
Interestingly, when asked how auditing by the payment card issuers has changed in the past twelve months, 62 percent said that audits were becoming more, or much more, prevalent.
The survey also looked at attitudes towards PCI DSS and the version 2.0 changes. On the positive side, 50 percent saw it as a valuable addition that helps them keep up to date, and 17.2 percent said they used it as a way to justify spending on technologies which are useful outside of PCI mandates.
On the negative side, 17.2 percent saw it as a continual regulatory headache, and 5.2 percent viewed it as another costly ‘tick in the box’ exercise with no obvious benefit to the company or its customers.
Commenting on these findings, Guy Churchward, CEO at LogLogic, said: “Today’s findings are very interesting; retailers have come a long way since the introduction of PCI DSS back in 2004, in terms of attitudes and implementation, but there’s still a lot more to do. It’s not just a case of ‘achieving compliance’, it’s a matter of completing the audits and staying on top of the requirements – it’s a long-term commitment to the business and to protecting customer data. The research clearly shows that retailers need to get up to speed with the new version pretty quickly - if they are to meet the increasingly regular audit requirements.”









