For nine years, Verizon has released its annual Payment Security Report about the state of Payment Card Industry Data Security Standard (PCI DSS) compliance. For nine years, the pattern has remained the same: Many companies don’t comply with the standard, and many companies that do comply fall out of compliance not long after their audit. IT organizations struggle with PCI DSS compliance not because they lack knowledge or technology; the problem is proficiency.
“Proficiency is the main theme,” says Ciske van Oosten, lead author of the report since 2013 and senior manager of global intelligence for security assurance consulting at Verizon Enterprise Solutions. “With 10 years of data breach investigation reports, you start to recognize patterns.”