Compliance Costly and No Guarantee, Study Finds
DATA PROTECTION | March 3, 2010
A recent study found that more than half of qualified security assessors (QSAs) say merchants are not proactively managing data privacy and security in their environments, NetworkWorld reports. The Ponemon Institute study surveyed 155 QSAs certified under the Payment Card Industry Data Security Standard (PCI DSS). Those surveyed also said that, despite merchants' significant financial investments in compliance audits (on average costing $225,000 each year), two percent of merchants fail. "That's a large chunk of change to be doing each and every year," said the institute's founder, Larry Ponemon, CIPP, adding that sometimes the annual audit "leads to better security posture, but not always." The survey also found that more than half of merchants investing in audits feel PCI DSS is too costly.