Since 2006, the Payment Card Industry Data Security Standard (PCI DSS) has helped merchants and credit card issuers lock down retail terminals and e-commerce networks against identity thieves. However, a new report from Verizon indicates that only one in five businesses passed a PCI DSS inspection on the first try.

Verizon, a communications company, maintains the data lines connecting retailers to credit card payment platforms. Researchers used a sample of the assessments collected at 200 of Verizon's client sites during 2008 and 2009 to reach their conclusions. Although the 22% compliance rate sounds discouraging, ongoing reports indicate that most companies comply with 81% of the PCI DSS best practices. In addition, most companies can reach full compliance with guidance from qualified assessors and installers.

Companies that endured security breaches often reported one of three common attacks. Malware or hacking on company networks accounted for 25% of credit card breaches. Another 24% of breaches were caused when criminals found database vulnerabilities. And 21% of the credit card thefts reported in Verizon's study occurred when administrators either failed to change default passwords or picked easily guessed security codes.