The latest edition of Verizon’s Payment Security Report has identified a ‘concerning downward trend’, with companies failing compliance assessments and – perhaps more importantly – not maintaining full compliance with necessary standards.
The Payment Card Industry Data Security Standard (PCI DSS) helps businesses that offer card payment facilities protect their payment systems from cyber security breaches and theft of cardholder data.
Data gathered by Verizon’s PCI DSS-qualified security assessors during 2017 demonstrates that PCI compliance is decreasing among global businesses, with only 52.4% of organisations maintaining full compliance in 2017, compared to 55.4% in 2016. Regional differences indicate that companies in the Asia-Pacific region are more likely to achieve full compliance – at 77.8% – compared to those based in Europe – 46.4% – and the Americas – 39.7%.
These differences can be attributed to the timing of geographical compliance rollout strategies, cultural appreciation of awards/recognition, or the maturity of IT systems, Verizon suggests.
By business sector, IT services remain on top when it comes to compliance, with more than 77.8% achieving full status. Retail – 56.3% – and financial services – 47.9% – were ‘significantly ahead’ of hospitality organisations – 38.5% – which demonstrated the lowest compliance sustainability.
With businesses often leveraging PCI DSS compliance efforts to meet the security requirements of data protection regulations, such as GDPR, this gap between the various business sectors that deal with electronic payments on a daily basis is significant.
“PCI compliance standards are slipping across global businesses – and this simply cannot continue,” says Rodolphe Simonetti, Global MD for Security Consulting at Verizon. “Consumers and suppliers alike trust brands to secure their payment data, so we must act now to remedy this state of affairs. We urge businesses to reassess their measurement methodologies for PCI control effectiveness, and to concentrate on managing the sustainability of their data protection.”