Mobile Network Operators Lack PCI DSS Compliance

Wednesday, May 25, 2011

A survey conducted by Vesta Corporation has revealed that over a quarter of Mobile Network Operators (MNOs) are not compliant with the Payment Card Industry Data Security Standard (PCI DSS).

A further 35% of respondents did not know that financial penalties could be levied for non-compliance by the card associations.

Today, just 37% of all payments are made with cash or check (Federal Reserve Bank of Boston: 2009). Consumer migration towards electronic payment methods means that securing payment information is becoming increasingly important.

A number of recent high profile data breaches resulting in the loss of cardholder data, such as Sony, are a testament to this.

In Q1 2011, Vesta invited 16 tier one and tier two MNOs in the U.S. and Europe to participate in a survey assessing PCI DSS compliance. Summarized in a whitepaper, Vesta’s indicative research reveals how PCI DSS compliance most impacts operators, how operators are managing compliance, and best practice solutions for maintaining the security standard.

The survey revealed that:

  • 25% of respondents are not currently PCI DSS compliant
  • The average cost of initial PCI DSS compliance was approximately $700,000 USD
  • The average annual cost of maintaining PCI compliance was over $1,390,000 USD
  • 35% of respondents did not know that penalties could be levied by the card associations for non-compliance
  • Respondents believed the greatest risk of non-compliance is the loss of customer confidence in the MNO

In the case of MNOs, PCI DSS compliance is particularly important. Compared to merchants in other industries, mobile operators usually operate more complex electronic payment channels including web, IVR, live agent, SMS and handset application, among others. Ensuring compliance across this range of payment channels provides a number of unique challenges.

“The survey shows that there is clearly room for improvement by the mobile operator community in addressing PCI DSS compliance, and it is critical that operators not yet compliant take appropriate measures to ensure the security of their customers’ sensitive cardholder data,” said Joshua Rush, VP Marketing at Vesta.

“However, compliance should not be viewed as a mandatory demand by the card associations but as a competitive sales and marketing differentiator at a time when data security is of paramount concern to subscribers.”

The full whitepaper can be downloaded here.

Source:  http://www.realwire.com/releases/25-of-Mobile-Network-Operator-survey-respondents-not-PCI-DSS-compliant
