IMGCAP(1)]
Less than 50% of businesses with 20,000 or more payment transactions annually are compliant with the Payment Card Industry Data Security Standard, suggest recent survey data from Computerworld Inc., a Framingham, Mass.-based provider of technology information. NuBridges Inc., an Atlanta-based provider of data-security products, sponsored the study in which Computerworld surveyed 123 respondents businesses in August. Most survey respondents, 57%, have a PCI initiative in place, yet of those only 37% are compliant with the standard, and 20% have not successfully completed a PCI audit. Twenty-eight percent of respondents are planning a PCI initiative, and 15% have no plans to address PCI compliance, according to Computerworld. The most difficult part of compliance for organizations is encryption (cited by 41% of respondents) followed by security-event logging (40%) and data in transit (38%), according to the study. "Given all of the attention to credit card breaches, it is surprising that some companies continue to put off securing the information and/or don't intend to," says Gary Palgon, nuBridges vice president of product management at nuBridges Inc., an Atlanta-based provider of data-security products that sponsored the Computerworld study. "The higher percentages of compliance we often hear about really only covers the largest merchants, but rather when you look at the overall cross-section of companies accepting and/or storing card data, we still have a long way to go before card data is truly secure." Of the survey respondents, 39% conduct accept more than 6 million or more card transactions annually, 20% conduct accept 1 million to 5,999,9996 million transactions annually, and 41% conduct accept 20,000 to 999,9991 million transactions annually.
