Is PCI Compliance Just Too Complex?

By January 15, 2018Blog
pci compliance

Turn on the screen, open the newspaper or scroll through social media and you’re sure to see a headline of another cyber hacking or breach of security. Why? Many businesses are extremely susceptible to data breaches and the worst part – it’s at their customers’ expense. Take a look at these three major data breaches from the past and the heavy fallout:

 

  • Home Depot – Malware infected Home Depot’s point-of-sale systems resulting in 56 million credit cards compromised.
  • Chipotle Mexican Grill – Hackers used malware to gain access to customers’ credit card information that affected roughly 2,250 restaurants.
  • TJX Companies – More than 45 million credit card numbers were stolen from TJ Maxx, Marshalls and HomeGoods over a period of 18 months before they were able to detect and halt the breach.

Here’s the kicker, these breaches could have been avoided through PCI compliance. Inadequate software solutions and policies created a major gap in security for Home Depot, and the use of antivirus software failed to monitor the network for unusual behavior. The case of the Chipotle hacking could have been avoided with stronger security measures and better monitoring systems. And, reports show TJX companies failed to comply with nine out of the twelve PCI requirements.

 

So, if hackings are on the rise and businesses know they’re vulnerable, what’s going on? Is PCI compliance just too complex?

 

PCI is comprised of 12 security requirements, and while the number of businesses achieving full compliance with their annual review reached a record of 55.4 percent last year, nearly half of companies fall out of compliance within a year. Once you’ve reached compliance, the challenging part is maintaining it. You need routine testing and the ability to recognize and remediate any issues quickly.

 

The truth is, PCI compliance isn’t too complex – you just need a dedicated expert who understands the requirements. [MSP] doesn’t want you to become the next big headline of another data breach, the consequences are too great. We can help. Contact us today for your free, no-obligation PCI compliance audit. Your customers will thank you.