Orthus Survey Indicates Less Than 15% of Hospitality Sector Businesses Have Card Data Security Policies

LONDON, United Kingdom - April 05, 2011 - Last month, Orthus released the results of a survey conducted of 1000 Level 4 Merchants in the UK hospitality sector to verify their PCI DSS compliance status.
By: Orthus PR
 
April 5, 2011 - PRLog -- The survey revealed that 77% of the 1000 Level 4 Merchants surveyed claimed to be fully compliant with the mandated Payment Card Industry (PCI) Data Security Standard (DSS). The findings also indicated that only 12% of the 777 Level 4 Merchants surveyed claiming to be PCI DSS compliant had published card data security policies in accordance with the standard. None of these companies had established, implemented, monitored or enforced card data security policies in their businesses.

The survey results also indicated:

•   Of the respondents claiming to be PCI compliant, 94% stated they had conducted the required vulnerability assessment scanning.
•   Of the respondents claiming to be PCI compliant, only 36% stated they had conducted required security penetration testing.

The survey results are truly alarming and clearly indicate that businesses do not understand the PCI DSS requirements or what is required for compliance. The vast majority of the Merchants who mistakenly believed they were compliant were told this by a vendor. (http://www.orthusintel.com)

“The problem is that the market is inundated with misinformation. Vendors sell their products stating that they are required for PCI compliance and buyers who want a quick fix believe them,” says Orthus Relationship Manager, Courtney Bryan. “Something has to be done about this problem. Merchants need unbiased advice in implementing the PCI DSS framework to prevent card data theft and fraud. There is a real knowledge void in the market about what constitutes PCI DSS compliance and until it’s addressed - vendors will continue to exploit it while the Merchants carry the risks,” says Bryan.

For more information or a copy of the survey contact cathy.jacobs@orthus.com

# # #

Orthus is a leading provider of Information Security Risk Management services, with over 100,000 supported systems globally. Orthus provides a range of simple packaged solutions to identify, minimise and manage security, compliance and business continuity gaps before incidents escalate. A seasoned PCI Qualified Security Assessor Company (QSAC), Orthus has extensive hands-on experience in designing, implementing and validating PCI DSS compliance programs.
Our services are delivered by Orthus resilient infrastructure and supported by expert consultants backed up by unsurpassed service level guarantees and full cost coverage for data breaches, compliance failures and downtime. This ensures incidents are caught before they become major problems and customers can continue with Business as Usual, Guaranteed at a low predictable cost. For more information, please visit http://www.orthus.com
End
Source: Orthus PR
Zip: W6 0NB
Tags: Data Theft, Fraud, Disaster Recovery, Business Continuity, PCI, Security Best Practice, Incident Management
Industry: Computers, Security, Technology
Location: London City - London, Greater - England
Page Updated Last on: Apr 05, 2011


