Verizon has published its annual PCI Compliance Report 2015 covering data up to the end of 2014, describing compliance, the sustainability of controls and ongoing risk management.
The PCI Compliance Report 2015 analyses information from PCI Data Security Standard (PCI DSS) assessments undertaken by Verizon between 2012 and 2014, together with additional data from forensic investigation reports.
It describes the challenges of maintaining compliance and mentions the scale and complexity of requirements, uncertainty about scope and impact, the ongoing compliance cycle, lack of resources, lack of insight into business processes and misplaced confidence in existing information security maturity.
Each main requirement has a dedicated section summarising the changes in v3.0, describing the compliance challenges found, and providing recommendations for maintaining security and compliance. The authors describe methods they consider should be used to make compliance easier, more effective and sustainable.
There is a useful "compliance calendar" in Appendix C of the report which shows the periodic and other triggers for certain activities across the 12 requirements. A "must read" if you are a payment merchant or service provider.
Posted on: 17 March 2015 at 08:46 hrs