PCI compliance: Four things you need to know for your business

We reported last month that new security standards for the payment card industry, known as PCI DSS, were coming into force by the end of June.

Security company Rapid7 has produced an infographic looking at PCI compliance, cybersecurity and the new related requirements for penetration testing. Based on data from the Verizon 2015 PCI Compliance Report, it sets out four things enterprises should know about going into PCI compliance.

It shows that enterprises are getting better at PCI compliance; however, only one in five organisations were fully compliant at interim assessment. Vulnerability scanning remains a major challenge: PCI DSS Requirement 11 (regularly test security systems and processes) was the only area where compliance levels fell year-on-year.

It also points out that tracking and monitoring is critical: every company that suffered a data breach was found to be non-compliant with PCI DSS Requirement 10 (track and monitor all access to network resources and cardholder data).

Finally, starting on 1 July, companies must comply with new, more stringent penetration-testing requirements.

You can see the full infographic below.

Rapid7 PCI infographic

Image Credit: Sedlacek / Shutterstock