
5/27/2011
04:59 PM
Dark Reading
Products and Releases

25% Of Mobile Network Operator Survey Respondents Not PCI DSS Compliant

Vesta survey shows how operators are managing compliance, and best practice solutions for maintaining the security standard

Dublin, Ireland, 24th May 2011 – A survey conducted by Vesta Corporation, a global pioneer and leader in electronic payments, has revealed over a quarter of Mobile Network Operators (MNOs) are not compliant with the Payment Card Industry Data Security Standards (PCI DSS). A further 35% of respondents did not know that financial penalties could be levied for non-compliance by the card associations.

Today, just 37% of all payments are made with cash or cheque (Federal Reserve Bank of Boston: 2009). Consumer migration towards electronic payment methods means that securing payment information is becoming increasingly important. A number of recent high profile data breaches resulting in the loss of cardholder data, such as Sony, are a testament to this.

In Q1 2011, Vesta invited 16 tier one and tier two MNOs in the U.S. and Europe to participate in a survey assessing PCI DSS compliance. Summarised in a whitepaper available today, Vesta’s indicative research reveals how PCI DSS compliance most impacts operators, how operators are managing compliance, and best practice solutions for maintaining the security standard.

The survey revealed that:

* 25% of respondents are not currently PCI DSS compliant
* The average cost of initial PCI DSS compliance was approximately $700,000 USD
* The average annual cost of maintaining PCI compliance was over $1,390,000 USD
* 35% of respondents did not know that penalties could be levied by the card associations for non-compliance
* Respondents believed the greatest risk of non-compliance is the loss of customer confidence in the MNO

In the case of MNOs, PCI DSS compliance is particularly important. Compared to merchants in other industries, mobile operators usually operate more complex electronic payment channels including web, IVR, live agent, SMS and handset application, among others. Ensuring compliance across this range of payment channels provides a number of unique challenges.

“The survey shows that there is clearly room for improvement by the mobile operator community in addressing PCI DSS compliance, and it is critical that operators not yet compliant take appropriate measures to ensure the security of their customers’ sensitive cardholder data,” said Joshua Rush, VP Marketing at Vesta. “However, compliance should not be viewed as a mandatory demand by the card associations but as a competitive sales and marketing differentiator at a time where data security is of paramount concern to subscribers.”

The full whitepaper can be downloaded here: http://www.trustvesta.com/download.aspx. Alternatively, please email [email protected]

For complete information on PCI Security Standards, self assessment information and guidelines, visit: www.pcisecuritystandards.org

- Ends -

About Vesta Corporation

Headquartered in Portland, Oregon, with operations in Europe and China, Vesta has been a pioneer and worldwide leader in electronic payment solutions since 1995. Vesta offers a full suite of payment services that can reduce and eliminate PCI scope and costs for wireless operators. Vesta has established long-term, successful relationships with leading telecommunications and financial companies including AT&T, Boost Mobile, Bank of China, Bank of Ireland, Chase Paymentech, China Mobile, China Telecom, Cricket Communications, Green Dot, Metavante, NetSpend, O2, Sprint, T-Mobile, Verizon, and Vodafone.
