nuBridges Survey Suggests Ongoing Hurdles for Companies Seeking PCI DSS Compliance
Dec 04, 2009 (Close-Up Media via COMTEX) --
Companies still face significant hurdles when it comes to protecting customer data with the Payment Card Industry Data Security Standard (PCI DSS), according to a recent survey conducted by Computerworld and sponsored by nuBridges, the secure eBusiness authority.
While over half of the companies surveyed have initiatives aimed at achieving PCI DSS compliance, the survey indicates that two-thirds have yet to pass a PCI DSS audit and almost three-quarters are not entirely satisfied with how they store customer data. Additionally, 41 percent of IT and business leaders who answered the survey say their organizations saw some type of data breach in the past 12 months.
"Survey responses showed that even companies that pass PCI DSS audits are not always comfortable with how well they can protect consumer information--a concern that is confirmed by high-profile breaches at compliant organizations such as Heartland Payment Systems," said Gary Palgon, vice president of Product Management for nuBridges. "Many companies have spent considerable time and resources to achieve compliance, yet still face numerous ongoing PCI DSS and security issues."
Conducted in August 2009, the Computerworld survey sought to assess the level of PCI DSS compliance at organizations processing 20,000 or more payment card transactions annually. As part of the survey, respondents also identified challenges they have encountered in their PCI DSS efforts--with encryption, event logging, data in transit and key management listed most frequently. Among other findings, almost 90 percent of respondents said they are set to review their payment card security practices in the next 12 months, and tokenization has emerged as a means for reducing the scope of PCI DSS compliance at many organizations.
"Tokenization decreases the number of data points that maintain credit card data, and the technology is gaining traction as a means for lowering ongoing compliance costs," said Palgon. "Substituting a token--or surrogate value--in place of the original data means there are fewer occurrences of credit card data in the enterprise, which reduces the scope of systems subject to the PCI DSS mandate."
nuBridges is a provider of software and services to protect sensitive data at rest and in transit, and to transfer data internally or externally with security, control and visibility.