Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/25/2018
01:20 PM
50%
50%

Payment Security Compliance Takes a Turn for the Worse

This is the first time in six years that Verizon's "Payment Security Report" shows a downward trend, leaving cardholders vulnerable.

Businesses are failing to stay up-to-date with the Payment Card Industry Data Security Standard (PCI DSS), data shows, with the number of fully compliant organizations falling for the first time in six years.

Verizon today released its "2018 Payment Security Report," which shows only 52.4 percent of organizations were fully compliant with PCI DSS in 2017 compared with 55.4 percent in 2016. PCI DSS has been shown to protect payment systems from breaches and data theft; now, businesses are failing to maintain PCI DSS compliance and leaving cardholders vulnerable.

Compliance varies by geography and business sector, as well as the timing of geographical compliance rollout strategies and maturity of IT systems, researchers report. The goal of their report is not to convince IT and security leaders of the need for PCI compliance, but to emphasize the need to regularly measure performance and control effectiveness.

Consider the industries evaluated in this year's study: Of all companies investigated around the world, those in IT services had the highest levels of compliance (77.8%), followed by retail (56.3%), financial services (47.9%), and hospitality (38.5%).

The gaps between how different industries handle electronic payments is significant, Verizon says.

"We urge businesses to reassess their measurement methodologies for PCI control effectiveness, and to concentrate on managing the sustainability of their data protection," stated Rodolphe Simonetti, Verizon's global managing director for security consulting.

Read more details in the report here.

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2018 | 3:05:59 PM
IT 78%?
IT services had the highest levels of compliance (77.8%), Even IT is not enough in my view, this number should be way beyond 90% as they are supposed to know the trouble well enough.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2018 | 3:03:58 PM
Re: financial services (47.9%)
So that fact that over 50% of them are failing to take best security practices towards compliance is a bit disheartening. As long as they protect themselves with an insurance they would not bother I would say.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2018 | 3:02:55 PM
Re: financial services (47.9%)
These are the institutions that we trust to take care of our hard earned money. Yet they are the one not protecting it. The punishment may not be enough in my view.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2018 | 3:01:35 PM
Re: financial services (47.9%)
However, what is alarming is how financial services is sitting below 50% for compliance. Yes that does not make sense at all. It should be cat higher than that.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2018 | 3:00:31 PM
Worse?
I do not understand it could be worse first time in last six years, it was already worse, we keep hearing breached of credit cards.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/26/2018 | 9:59:15 AM
financial services (47.9%)
I am not surprised at the decline. The drop from 2016 to 2017 seems negligable. However, what is alarming is how financial services is sitting below 50% for compliance. These are the institutions that we trust to take care of our hard earned money. So that fact that over 50% of them are failing to take best security practices towards compliance is a bit disheartening.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.