IMGCAP(1)]
Although most companies keep customers' credit card numbers secure, the majority fail to protect customers' other personal-identification and bank-account information, new survey data suggest. The Poneman Institute LLC, a Traverse City, Mich.-based data-security research firm, and Redwood Shores, Calif.-based Imperva Inc., which provides data-security services, during the last week of August surveyed some 500 U.S. companies online. The results suggest that 55% of companies follow industry standards to keep customers' credit card numbers secure, but they do not apply data-security measures to customers' Social Security and driver's license numbers and bank account details. Some 79% of survey respondents said they have experienced a data breach involving the loss or theft of credit card information, but 71% said data security is not a "top" strategic initiative. Some 60% of those surveyed said they lack sufficient resources to comply with the Payment Card Industry Data Security Standard administered by the PCI Security Standards Council LLC. Only 28% of smaller companies with 501 to 1,000 employees said they comply with PCI standards. That compares with some 70% of larger companies with 75,000 or more employees who said they do. Some 27% of all survey respondents said they are taking a "strategic" approach to PCI compliance, which is improving their data-security efforts. But some 73% of respondents said they merely use a basic "checklist" approach to achieve PCI compliance. In advance of the PCI Council's Oct. 31 deadline for gathering information to help shape a new set of PCI standards to be released next year, Imperva has crafted a set of recommendations. It suggests that the PCI Council modify PCI security standards to suit smaller companies' resources and establish a logo to signal to consumers which companies are PCI-compliant. Imperva also recommends that all companies should assign an executive to spearhead their PCI-compliance efforts and integrate PCI-compliance into general information-technology initiatives.
