Since the Payment Card Industry (PCI) released its new Data Security Standard (DSS) in January 2005, financial services firms, along with others who collect, use, or process card payments, must comply with PCI DSS. The set of standards is mandated to prevent credit card fraud, hacking, identity theft, and various other security threats.
Info-Tech recently asked 166 different enterprises about their use of compliance frameworks for IT operations. This group included 27 financial services firms. The results show that most financial services firms are not compliant with PCI DSS despite potential penalties such as loss of payment card services accounts, fines, and lawsuits.