Payment Security Compliance Takes a Turn for the Worse

Businesses are failing to stay up-to-date with the Payment Card Industry Data Security Standard (PCI DSS), data shows, with the number of fully compliant organizations falling for the first time in six years.

Verizon today released its "2018 Payment Security Report," which shows only 52.4 percent of organizations were fully compliant with PCI DSS in 2017 compared with 55.4 percent in 2016. PCI DSS has been shown to protect payment systems from breaches and data theft; now, businesses are failing to maintain PCI DSS compliance and leaving cardholders vulnerable.

Compliance varies by geography and business sector, as well as the timing of geographical compliance rollout strategies and maturity of IT systems, researchers report. The goal of their report is not to convince IT and security leaders of the need for PCI compliance, but to emphasize the need to regularly measure performance and control effectiveness.

Consider the industries evaluated in this year's study: Of all companies investigated around the world, those in IT services had the highest levels of compliance (77.8%), followed by retail (56.3%), financial services (47.9%), and hospitality (38.5%).

The gaps between how different industries handle electronic payments is significant, Verizon says.

"We urge businesses to reassess their measurement methodologies for PCI control effectiveness, and to concentrate on managing the sustainability of their data protection," stated Rodolphe Simonetti, Verizon's global managing director for security consulting.

Read more details in the report here.

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.