IT Professionals Confused by Credit Card Data Security Requirements (News Release) - 1,408 Views,

Summary: STAMFORD, Conn., June 30 /PRNewswire/ -- Research from a survey conducted in May and June 2005 by Protegrity Corporation, the leader in Data Security Management(TM), shows that 53.9% of IT professionals surveyed believe their companies are still not entirely clear about current data ...

Previous Article « Interesting Report on the Evolution of Cybercrime (News Release)
Read Next Article » China Joins International Anti-Spam “London Plan” - Good Net Citizens or Good Business?

Follow Anne on Twitter Friend Anne on Facebook

STAMFORD, Conn., June 30 /PRNewswire/ — Research from a survey conducted in May and June 2005 by Protegrity Corporation, the leader in Data Security Management(TM), shows that 53.9% of IT professionals surveyed believe their companies are still not entirely clear about current data security requirements as outlined by the Payment Card Industry (PCI) Data Security Standard, which goes into effect today for companies annually processing more than 20,000 Visa transactions involving credit card data, as well as regulations imposed by laws such as California SB 1386, Sarbanes-Oxley, and HIPAA. One-third of survey respondents indicated their companies today would fail compliance audits.

Despite the emphasis these regulations place on data security, 41% of respondents said their companies are spending 10% or less of IT security budgets on data and database security. Not surprisingly, 87% of respondents believed that internal misuse of sensitive data was the biggest threat to their companies, based on current security solutions in place.

“This data demonstrates why we’re seeing headlines about data thefts,” said Gordon Rapkin, CEO of Protegrity. “Many companies are confused about the requirements themselves. Others are overwhelmed by the prospect of putting together a cohesive strategy that encompasses the entire enterprise. And a few are still thinking ‘it will never happen to us.’ But to consumers and shareholders, no excuse is good enough when it comes to data security.” Rapkin pointed out that despite the publicized data thefts occurring during the spring and early summer, the level of investment in securing sensitive data remains very low. In a poll conducted by Protegrity in March 2005, only 7% of respondents said their companies had actually made investments in data and database security.

The 12 requirements of the PCI Standard, adopted by Visa and MasterCard, as well as other major credit card companies, range from encrypting transmission of cardholder data and sensitive information across public networks to restricting physical access to cardholder data to maintaining a security policy that addresses data security. By not complying with these requirements, companies risk hefty fines as well as the revocation of rights to handle credit card transactions. Additionally, state laws such as California’s SB1386 require companies to report to consumers any breach in data security when sensitive data is not encrypted.

“Public companies disclosing data thefts report revenue losses in the millions and even bigger losses in market capitalization,” said Rapkin. “It’s unconscionable that these incidents continue to happen. Data must be secured at every step - from the moment the credit card is swiped until all records of the transaction have been deleted. Any organization in this chain is obligated to protect the credit card number and other private data. Consumers should never have to worry about the security of their personal data.”

For a copy of Protegrity’s most recent data security survey, send an email request to info@protegrity.com..

IT Professionals Confused by Credit Card Data Security Requirements (News Release)

Follow Anne on Twitter

Twitter Explained in Plain English

Friend Anne on Facebook

» Visa and American Express Dump Security Blackhole CardSystems

» U.S. Phisher Implicated in Global Phish Netting

» Wallet Lost or Stolen? AmEx Will Take Care of All of Your Cards, and More!

For additional similar stories check out our archives on Everything Else, Security

NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.

No Comments »

No comments yet.

RSS feed for comments on this post.

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!
If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.
Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This article first appeared on 7/5/2005

About

About TIP

About Anne

Follow Anne On:

Twitter
Linked In
Facebook

*Twitter Explained in Plain English

Search
Categories

Recent Comments to Our Articles

Dozer: I read where the Flexispy works for "smart phones" I have a Razr and the target phone is also a Razr. Would this software work read

"gunner": to: Chatoorgoon Jagdeo, congratulations, you have saved yourself time and money, and avoided seeing your hard earned money going into the pockets of thieves. well done read

"gunner": how many times do you have to be told, "the cake is a lie, there is no spoon" and the lottery is a scam read

"gunner": good reasons why i've avoided both "facebook" and "twitter" and will continue to do so read

Del Irwin: The service was ok for 5 years, though with hidden charges and lots of calls to get them removed. Very slimey company.. when I went read

william: my home boys comment isnt on here wtf read

william: I don't think his is a real becuse if it was why could they not just give them the rice?i thing that tis is just read

Harishchandra Salvi: Please help me to get my mobile Nokia 1209 Silver Grey IMEI: 356072033323873 i love my mobile very much and request you to help me pls. read

Pierre: Sad, sad, sad. You'd think that the designers of the Kindle would have known something about the real world, and that the product would read

Allen MacCannell: Hi Anne, Twitter is, sadly, not adding anything close to what Tweetdeck and Twhirl offer. Those two apps (+ the fantastic PowerTwitter Firefox plugin) setup a read

Todd: The link doesn't go to a form anywhere, and I can't find the form. Perhaps they don't allow this for anyone anymore. read

Jon: There are a couple of organisations clammering to purchase shares in City Networks Inc. One of them being "Penn Capital Management Ltd" in Osaka, Japan read

Fjord Prefect: The reason why Google is upset is this: Microsoft already owns 80% of the desktops in the world, they also provide IE which comes with read

Michael Anderson: The lawyer's comment is idiotic. A customer who has received poor service outside of the bounds of the terms of his agreement with the carrier read

Michael Anderson: This is not exactly correct. In most states, minors are able to form "voidable" contracts--that is, the minor can bind the competent party, but the read

Get a FREE summary of the week's articles by email every Friday!
We NEVER share your email address, and you can stop them any time!

Be sure to watch for the confirmation email!

Search

Get a FREE summary of the week's articles by email every Friday!
We NEVER share your email address, and you can stop them any time!

Be sure to watch for the confirmation email!