More than half of enterprises are not meeting the data security standards
established by the Payment Card Industry, according to a new report published
by VeriSign. The main reason for the lack of compliance is that firms are not
carrying out regular analysis of the data they retain, the security specialist
said.

Simon Church, head of VeriSign for Europe, the Middle East and Africa,
advised firms to institute better procedures for managing data across their
environments. He explained that many organisations retain information they do
not need; instead, they should be more thorough in analysing their data and
deciding which of it is necessary to keep.

Church added that because the data security industry is changing so rapidly,
processes that organisations establish just to pass the PCI audit might not be
adequate to meet future standards requirements. Instead, firms need to
assimilate good practice for data management and security into their DNA, he
advised.

Companies failing to comply with PCI standards could face financial penalties
or lose the ability to process credit card transactions. Church said that data
security needs to be considered by the whole business rather than just the IT
department, because ultimately bad publicity from compliance failures will
have serious consequences for the business.