An article today in Computer Weekly, “PCI DSS compliance still too low”, had me thinking of several recent high-profile cases of customer data and credit card breaches. Whenever there is a customer data breach, it is BIG news. Maybe you know someone who was personally impacted by one of the recent credit card breaches. According to the latest report on Data Security from Verizon, almost 90% of organizations surveyed don’t comply fully with the Payment Card Information (PCI) Data Security Standard (DSS). While that number is shockingly high, it is not entirely a surprise. Protecting customer data is hard. Two of the biggest problems organizations face when trying to secure customer data and comply with PCI DSS are that the data:
- resides in many different systems (point-of-sale, customer relationship management (CRM), back office billing systems, archive storage);
- is accessed by many different users (retail staff, system support, customer service, IT) without access to sensitive data being restricted.