Most companies are expecting to be PCI compliant within 18 months.
According to a survey by Imprivata, authentication and access are among the top priorities. Meanwhile 44 per cent have deployed two-factor authentication and 26 per cent aim to go beyond compliance to deploy best practices and technologies.
Despite the latest PCI DSS compliance requirements deadline having passed in June 2008, only 39 per cent of respondents confirmed they are currently compliant. Of the 61 per cent of respondents that are not yet compliant, 53 per cent expect to become compliant within 12 months and 65 per cent expect to be compliant within 18 months.
In order to control individual access to computing resources and cardholder information, 74 per cent have assigned a unique user ID, 63 per cent have deployed strong authentication technologies and 63 per cent have deployed password management technologies. A third of respondents have already deployed single sign-on (SSO) and 39 per cent have deployed physical access security cards.
Omar Hussain, president and CEO at Imprivata said: “Ensuring PCI DSS compliance is at the top of the list for organizations taking payment card information - more so now than ever before with the latest deadline having recently passed and the final set of requirements and documentation to be issued by the end of 2008.
“Though a large majority of companies are still not yet compliant, they are actively engaged in efforts to achieve compliance. Authentication and access technologies are clearly among the highest priority, as they can satisfy a number of requirements simultaneously.”