Credit Card Security (PCI) Compliance Extremely Costly


Credit Card Security (PCI) Compliance Extremely Costly

I thought this might be of interest, particularly to owners and operators:


Aberdeen today announced the availability of a new benchmark report on “PCI DSS and Protecting Cardholder Data,” which shows that Best-in-Class organizations have indeed achieved superior protection of cardholder data through compliance with the PCI Data Security Standard (PCI DSS). Across the 12 high-level security requirements specified by PCI DSS, encouraging gains were made by all companies in the study when compared to a similar benchmark conducted one year ago. However organizations in the study generally underestimated the time and cost necessary to achieve PCI compliance, and they significantly underestimated the cost to sustain it. To obtain a complimentary copy of the report, visit:


“The payment card industry has made steady progress in establishing a common set of security standards, evangelizing best practices, and encouraging adoption,” said Derek E. Brink, vice president and research fellow for IT Security, Aberdeen. “Beyond the mere reporting of compliance with PCI, between 40-50% of the top-performing companies actually reduced the number of failed audits and the number of data security incidents, as well as the time and cost to address them. That’s why it’s so important to have clear ownership for your PCI compliance effort, and to fund the initiative for success.”


Although a wide range of services and technologies must be brought to bear to address the 12 high-level security requirements specified by PCI DSS, solution areas in which the top performers showed the strongest year-over-year improvement included vulnerability and risk assessments, infrastructure security, data protection, application security, and tracking and monitoring solutions such as log management and information and event management.

A complimentary copy of this report is made available due in part by the following underwriters: LogLogic, MegaPath, SenSage, SAINT Corporation and Voltage Security. To obtain a complimentary copy of the report, visit:


To access all of Aberdeen’s complimentary research please visit

Picture of John Van Horn

John Van Horn

Leave a Reply

Your email address will not be published. Required fields are marked *

Only show results from:

Recent Posts

A Note from a Friend

I received this from John Clancy. Now retired, John worked in the technology side of the industry for decades. I don’t think this needs any

Read More »

Look out the Window

If there is any advice I can give it’s concerning the passing scene. “Look out the window.” Rather than listen to CNN or the New

Read More »


See all Blog Posts

Send message to

    We use cookies to monitor our website and support our customers. View our Privacy Policy