Breach Security and Evolution Security Systems today jointly released their 2008 UK PCI Compliance Report. Surveying UK organizations across a variety of market sectors, including healthcare, government, e-commerce, finance and banking, the report findings indicate that PCI compliance is important to eight in 10 UK organizations.
Further, 57 percent are either PCI compliant or actively working toward becoming compliant. While this represents good progress, it also indicates that the UK is trailing the United States in adoption of PCI compliance.
In addition, the survey found that 16 percent of organizations don’t know what it means to be PCI compliant and nearly one in five companies reported not knowing if PCI compliance is important.
With online customer data being nearly impossible to secure and easy to hack, the Payment Card Industry (PCI) established compliance requirements to protect customers by including web application security requirements in its Data Security Standard (DSS). All organizations that process, store or transmit credit, debit or other payment card information must be in compliance with the PCI DSS. Further, requirement 6.6 states that all web-facing applications must be protected, and web application firewalls have become the de facto standard for compliance in enterprise organizations.
Breach and Evolution’s report found that one in three UK organizations are not planning to become PCI compliant, while 18 percent are planning to become compliant in three to six months, 11 percent in six to 12 months, and five percent in more than one year.