Payment security standards ‘continue to fall’

Payment security compliance has declined for the second year in a row, with organisations based in the Americas particularly lagging behind worldwide counterparts, according to Verizon.

Its 2019 Payment Security Report noted that when Visa initially launched the Payment Card Industry Data Security Standard (PCI DSS) in 2004, many assumed that companies would achieve effective and sustainable compliance within five years.

But 15 years on, the number of businesses achieving and maintaining compliance has dropped from 52.5 per cent last year to a low of just 36.7 per cent worldwide. Geographically, those in the Asia-Pacific (APAC) region showed a stronger ability to maintain full compliance at 69.6 per cent, compared to 48 per cent in Europe, Middle East and Africa (EMEA) and just 20.4 per cent in the Americas.

PCI DSS helps businesses that offer card payment facilities protect their payment systems from breaches and theft of cardholder data, with compliance measured on an organisation’s ability to meet and maintain the standard.

“After witnessing a gradual increase in compliance from 2010 to 2016, we are now seeing a worrying downward trend and increasing geographical differences,” said Rodolphe Simonetti, global managing director for security consulting at Verizon. “With the latest version of the PCI DSS standard 4.0 launching soon, businesses have an opportunity to turn this trend around by rethinking how they implement and structure their compliance programs.”

The report also included data from the Verizon Threat Research Advisory Centre (VTRAC), which demonstrated that a compliance program without the proper controls to protect data has a more than 95 per cent probability of not being sustainable and is more likely to be a potential target of a cyber attack.

“For years, we have discussed the close correlation between the lack of PCI DSS compliance and cyber breaches,” concluded Simonetti. “In this year’s report, we included even more data from the VTRAC team to add more depth to this discussion – our data shows that we have never investigated a payment card security data breach for a PCI DSS compliant organisation.”

This year's report included results from 302 PCI DSS engagements for a range of organisations, including large multinational firms in more than 60 countries. It was based on actual casework with a specific focus on financial services (50.7 per cent), IT services (17.5 per cent), retail (19.9 per cent) and hospitality (10.6 per cent).
