Challenges Companies Face in Protecting Sensitive Consumer Data

As large companies face a Sept. 30 Payment Card Industry (PCI) deadline to lock down their networks and customer data, a new report reveals where many are falling short of mandatory security standards. In fact, more than half of the companies profiled in the report still do not sufficiently protect sensitive consumer information.

The report, published by VeriSign, Inc. (NASDAQ: VRSN), the leading provider of digital infrastructure for the networked world, found that 53 percent of enterprise-class companies do not meet the data security standards established by the PCI. The report also lists the top 10 reasons companies fail PCI data security audits. PCI security standards apply to all companies that store, process and transmit credit and debit card payment information.

VeriSign's Global Security Consulting team, which authored the report, found that companies are struggling to comply with PCI standards in several key areas, including regular testing, securing applications, logging and protecting data. In fact, regular testing was the chief failure point for audited companies, with 48 percent failing that requirement.

VeriSign based its report findings on 60 recent PCI audits involving 50 different large companies. Unless they pass the audits, which evaluate how well companies comply with more than 230 data security requirements, the firms may face stiff fines or risk losing their ability to process credit card transactions. The Sept. 30 compliance validation deadline to avoid fines and/or higher interchange fees was set for all merchants and service providers by VISA USA as part of their Compliance Acceleration Program.