Vesta Corporation conducted a survey of Mobile Network Operators (MNOs) in the USA and Europe and discovered that over a quarter of them were non-compliant to the Payment Card Industry Data Security Standards (PCI DSS).
Of equal concern are the 35% who did not know of the potential financial penalties they could face in the event of an Account Data Compromise (data breach).
Key findings of the survey
- 25% of respondents are not currently PCI DSS compliant
- 35% of respondents unaware of potential penalties for non-compliance
- The average cost of initial PCI DSS compliance was approximately $700,000 USD
- Over 50% were spending over $1,390,000 USD annually in PCI compliance maintenance costs.
- 69% of respondents stated that more than three people in their organization work full time on maintaining PCI compliance.
- 56% felt that the greatest impact of a security lapse or data breach to their business would be a loss of customer confidence.
- Over a third of these maintain an internal security group for PCI compliance.
- Under a quarter of respondents maintain PCI DSS via cross functional teams that receive direction on a group level with local implementation.
- All respondents regard the touchpoints of live agent, Web and retail as very important to the success of their organization’s PCI compliance.
- The areas of highest concern mentioned by the operators included ensuring applications and systems are compliant; network monitoring and scanning; and vulnerability management.
“The survey shows that there is clearly room for improvement by the mobile operator community in addressing PCI DSS compliance, and it is critical that operators not yet compliant take appropriate measures to ensure the security of their customer’s sensitive cardholder data,” said Joshua Rush, VP Marketing at Vesta. “However, compliance should not be viewed as a mandatory demand by the card associations but as a competitive sales and marketing differentiator at a time where data security is of paramount concern to subscribers.”
The white paper can be downloaded here.
For more information on PCI DSS visit the PCI resources page here.