Study: Aging technology leads to poor PCI compliance numbers

Despite increased emphasis on the importance of securing sensitive customer information, too many organizations are failing to comply with PCI regulations.

That's according to a new report from SecurityMetrics, which found that a large number of organizations are not following best practices when it comes to securing card data. The study discovered that many vendors are not encrypting stored credit card data, nor are they eliminating sensitive information once it is no longer needed. Overall, roughly 67 percent of surveyed companies were not PCI compliant.

That isn't to say that the merchants themselves were deliberately putting their customers' information in harm's way. In fact, the failings found by SecurityMetrics were mainly due to a lack of sufficient technology.

Brad Caldwell, SecurityMetrics CEO, said in a press release that many legacy systems simply lack the ability to meet today's security needs.

"Dated technology is incapable of assisting its owner to meet today's current payment security objectives," Caldwell said. "If an acquirer or ISO is stuck in a program that doesn't implement cutting-edge technology, it's imperative to remodel the program to include updated technologies that increase portfolio value and decrease risk."

As this blog has stated many times in the past, the best way to secure information and achieve PCI compliance is not to upgrade on-site technology, but rather to invest in solutions designed to keep data away from a vendor's internal systems and protected from targeted attacks. Tokenization does exactly that. By storing information outside of internal servers, vendors will go a long way towards keeping customer information out of harm's reach. 

Working with a payment solutions provider will allow vendors to acquire the tools needed to protect their customers' data and maintain their PCI compliance. 

by Ty Hardison

Share this Post
Share to Facebook Share to Twitter Share to Google+ Share to LinkedIn More...