The 2011 study found that initially, 79% of businesses assessed failed compliance, with 21% of those who failed being between 90% and 99% compliant.

These results are about the same as last year, and the percentages haven't improved, in part, because businesses are overconfident. They feel that the process was painful, but having passed, the following year should be easy. "That can be a costly mistake," the report says.

MOBILE:

The report was compiled using data gathered by Verizon assessors and Verizon's investigative teams that check out payment-card data breaches. Businesses were dealing with PCI 1.2. the current version is 2.0.

Of the companies that failed on the initial report, on average they met 78% of the compliance requirements.