A recent report by Verizon says that businesses that accept both credit and debit cards aren't maintaining compliance with PCI DSS, creating an opportunity for ongoing credit card fraud. PCI DSS has 12 different requirements created by companies like Visa, MasterCard, and American Express, and within those there are 260 detailed standards businesses have to follow if they want to process credit card transactions.
Verizon has said that compliance is a two-stage assessment process. There's an initial report of compliance and a final report of compliance, but only 21% of organizations meet their requirements at all. For the most part, businesses treat it as a test you only have to study for once a year.
There are three major areas where businesses are failing. They don't protect stored data well, they don't regularly test security systems, and they don't maintain information security policies as well as they should. What's more, many don't encrypt data outside of the main database.