PCI DSS Compliance Between Audits is Declining: Verizon

Companies subject to PCI DSS security requirements are audited once per year, yet many of these companies continue to be breached. It is not that PCI DSS fails, but that companies fail to maintain compliance from one audit to the next. According to Verizon’s 2016-2018 dataset, at the time of a breach, no organization was compliant across all 12 PCI DSS requirements.