Survey: Firms Fail on Data Security

Although most companies keep customers' credit card numbers secure, the majority fail to protect customers' other personal identification and bank account information, according to a recent survey.

Although 55% of companies follow industry standards to keep customers' credit card numbers secure, they do not apply data security measures to customers' Social Security and driver's license numbers and bank account details, according to Ponemon Institute LLC, a Traverse City, Mich., data security research firm, and Imperva Inc. of Redwood Shores, Calif., which provides data security services.

Ponemon surveyed 500 U.S. companies online during the last week of August.

About 79% of survey respondents said they have experienced a data breach involving the loss or theft of credit card information, but 71% said data security is not a "top" strategic initiative.

About 60% of those surveyed said they lack sufficient resources to comply with the Payment Card Industry Data Security Standard administered by the PCI Security Standards Council LLC. Only 28% of smaller companies with 501 to 1,000 employees said they comply with PCI standards, but 70% of larger companies with 75,000 or more employees said they do.

About 27% of all survey respondents said they are taking a "strategic" approach to PCI compliance, which is improving their data security efforts. But about 73% of respondents said they merely use a basic "checklist" approach to achieve PCI compliance.
