Poll: Lack of Protection Leaves Merchants Open to Data Security Breaches

    Online News published in DMReview.com
December 28, 2005

A poll released by Protegrity Corporation, a provider of data security management solutions, found that Payment Card Industry Data Security Standard (PCI) compliance is severely lagging at merchants of all levels despite a growing Internet fraud rate.

During a recent Protegrity webcast on "Accelerating PCI Compliance: Real World Experiences and Strategies" featuring Intuit, respondents were asked about the status of their PCI compliance efforts: 45 percent said they are in the very early stages of the compliance process, while 19 percent said they have not passed their initial assessment. Only 3 percent said they have passed an assessment.

According to the 7th Annual CyberSource Fraud survey, dollar losses from e-commerce fraud continued to mount for merchants. In 2005, total losses to online fraud will exceed $2.8 billion, up from $2.6 billion in 2004, with large and midsize merchants finding the issue most difficult to address.

To meet the PCI standards, merchants of all sizes are required to:

1. Install and maintain a firewall configuration to protect data.

2. Do not use vendor-supplied defaults for system passwords and other security parameters.

3. Protect stored data.

4. Encrypt transmission of cardholder data and sensitive information across public networks.

5. Use and regularly update anti-virus software.

6. Develop and maintain secure systems and applications.

7. Restrict access to data by business need-to-know.

8. Assign a unique ID to each person with computer access.

9. Restrict physical access to cardholder data.

10. Track and monitor all access to network resources and cardholder data.

11. Regularly test security systems and processes.

12. Maintain a policy that addresses information security.

Merchants and providers who do not comply may receive fines and/or face restrictions - or in severe cases, be prohibited from accepting credit card(s).

In a follow-up poll question, respondents were asked how PCI compliance compares with other regulations in terms of 2006 compliance projects: 24 percent said PCI is one of their most important projects, 25 percent said PCI is about as important as SOX, 25 percent said all compliance projects are of equal importance, 15 percent said PCI ranks behind both federal and state privacy and disclosure laws in importance, and 8 percent said PCI is just barely on their radar screen.


This piece has been brought to you by the DM Review Editorial staff.

SourceMedia (c) 2006 DM Review and SourceMedia, Inc. All rights reserved.