Website Magazine reports that the requirements of the most recent version of the Payment Card Industry Data Security Standard (PCI DSS 3.0), which requires Internet retailers to implement and perform rigorous penetration testing using different methods of security authentication and session management, are not being met.
These tests are meant to protect against "man-in-the-middle, man-in-the-browser and other similar cyber-attack methods," the magazine reports, adding that "A new study from Tripwire... reveals that the retail industry hasn’t yet implemented these new security requirements and that could result in a big 'ol lump of coal
Reportedly, just 41 percent of the retailers currently use any kind of penetration testing to identify security risks, and "only 44 percent have either fully or partially deployed file integrity monitoring in place."
Perhaps worst of all, Tripwire determined that "62 percent of the IT professionals surveyed say that negative facts about security risks are filtered before being communicated with senior executives."