2015 PCI Compliance Report

This year we’ve expanded this report, our fourth on PCI DSS compliance, to give even greater insight into payment card data security. As well as looking at compliance, we investigate the sustainability of security controls and ongoing risk management.

Did you suffer a data breach recently? Even if you avoided a breach, it’s likely that you saw an increase in the number of security incidents — according to PwC research, since 2009 the volume has grown at an average of 66% per year. It seems that it’s only retailers and entertainment companies that make the headlines, but organizations of all kinds are affected. In this report we look at how well prepared companies are to withstand attacks and mitigate the impact of breaches, and recommend how you can improve.

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) continues to improve, but four out of five companies still fail at interim assessment. This indicates that they’ve failed to sustain the security controls they put in place.

This year we’ve studied even more data and broadened our analysis to give a more complete picture of the state of payment security and insight into the challenges of managing risk. In what we believe is an industry first, this year’s report includes analysis of the use of compensating controls and the sustainability of compliance.

Your customers put their trust in you every time they make a purchase. They trust that you will not only deliver the product or service promised, but also keep their details safe. But every new report about a data breach makes them a little more concerned about their personal information being compromised.

Will your company be next? And what might that mean for your brand, your sales pipeline, your share price? That’s why, whether you’re the CEO, CMO, CIO, or CFO, payment security should matter to you.

The PCI Data Security Standard (PCI DSS) provides a very useful framework for looking at the state of payment card security. We’ve gathered a wealth of data during compliance assessments, enabling us to provide a quantified analysis. This is our fourth report on payment card security and each year we’ve looked at more data in order to provide richer and more informative insight.