Verizon: Companies Failing to Maintain PCI DSS Compliance2019 Payment Security Report Spotlights Challenges, Offers Compliance Tips
Many companies around the world that accept card payments are failing to continually maintain compliance with the PCI Data Security Standard, according to the new Verizon 2019 Payment Security Report. Verizon's Rodolphe Simonetti, who contributed to the report, explains the findings in an interview with Information Security Media Group.
The newly published report highlights a worrying downturn in the level of interim PCI DSS validation compliance. The latest survey of more than 300 organizations in over 60 countries found that compliance dropped to 37 percent in 2018 from a peak of 55 percent in 2016.
"Keeping compliance during the entire year is definitely a challenge for most companies," Simonetti says. "Why is that? I believe that this is because a lot of companies manage PCI as a project, with a beginning and an end. They want to be compliant; they want to pass the assessment. ... It's not part of the ongoing monitoring that should be in place."
In this interview (see audio link below photo), Simonetti discusses:
- The reasons behind the significant downward trend in PCI DSS compliance;
- How organizations can enable more continuous PCI DSS compliance monitoring.
- The increasingly burdensome role for CISOs in holistically managing cybersecurity threats;
Simonetti is the global managing director for the security assurance consulting unit at Verizon. He coordinates all security assurance services from simple assessments to complex programs within a global environment. With over 18 years of information technology and security experience, he has served as a security engineer, security manager for managed security services and CISO.