Retailers late on PCI DSS 3.0 adoption

As readers of this blog are well aware, point of sale software solutions are vulnerable to malware and fraud. Having the right security systems in place is crucial for any retailer, but a new study found that many in the retail industry have not yet incorporated basic security requirements of the Payment Card Industry Data Security Standard (PCI DSS).

Conducted by the Ponemon Institute and sponsored by Tripwire, the survey found that the most recent version of the PCI DSS, version 3.0, released in August 2013, will soon require businesses to implement and perform penetration testing and to use different methods of secure authentication and session management. However, many retailers are still unaware of what needs to be done.

According to the survey, only 41 percent of retailers are using penetration testing to identify security risks and just 34 percent of those companies measure the reduction in access and authentication violations to access management efforts. On top of that, only 44 percent of the retail sector has fully or partially deployed file integrity monitoring.

"On the whole, organizations are making slow progress with deployment of risk-based security management strategies and programs," the report concluded. "Given the increase in organizational commitment and the understanding that risk-based security management can align security with key business, organizations appear poised to make more significant strides over the next 12 to 18 months."

Retailers need to be aware of the latest industry security trends if they want to remain secure in all facets of business. With the help of a payment solution provider, any merchant can ensure they have the right POS security systems in place.
