Risk

9/25/2018
01:20 PM
50%
50%

Payment Security Compliance Takes a Turn for the Worse

This is the first time in six years that Verizon's "Payment Security Report" shows a downward trend, leaving cardholders vulnerable.

Businesses are failing to stay up-to-date with the Payment Card Industry Data Security Standard (PCI DSS), data shows, with the number of fully compliant organizations falling for the first time in six years.

Verizon today released its "2018 Payment Security Report," which shows only 52.4 percent of organizations were fully compliant with PCI DSS in 2017 compared with 55.4 percent in 2016. PCI DSS has been shown to protect payment systems from breaches and data theft; now, businesses are failing to maintain PCI DSS compliance and leaving cardholders vulnerable.

Compliance varies by geography and business sector, as well as the timing of geographical compliance rollout strategies and maturity of IT systems, researchers report. The goal of their report is not to convince IT and security leaders of the need for PCI compliance, but to emphasize the need to regularly measure performance and control effectiveness.

Consider the industries evaluated in this year's study: Of all companies investigated around the world, those in IT services had the highest levels of compliance (77.8%), followed by retail (56.3%), financial services (47.9%), and hospitality (38.5%).

The gaps between how different industries handle electronic payments is significant, Verizon says.

"We urge businesses to reassess their measurement methodologies for PCI control effectiveness, and to concentrate on managing the sustainability of their data protection," stated Rodolphe Simonetti, Verizon's global managing director for security consulting.

Read more details in the report here.

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2018 | 3:05:59 PM
IT 78%?
IT services had the highest levels of compliance (77.8%), Even IT is not enough in my view, this number should be way beyond 90% as they are supposed to know the trouble well enough.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2018 | 3:03:58 PM
Re: financial services (47.9%)
So that fact that over 50% of them are failing to take best security practices towards compliance is a bit disheartening. As long as they protect themselves with an insurance they would not bother I would say.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2018 | 3:02:55 PM
Re: financial services (47.9%)
These are the institutions that we trust to take care of our hard earned money. Yet they are the one not protecting it. The punishment may not be enough in my view.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2018 | 3:01:35 PM
Re: financial services (47.9%)
However, what is alarming is how financial services is sitting below 50% for compliance. Yes that does not make sense at all. It should be cat higher than that.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2018 | 3:00:31 PM
Worse?
I do not understand it could be worse first time in last six years, it was already worse, we keep hearing breached of credit cards.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/26/2018 | 9:59:15 AM
financial services (47.9%)
I am not surprised at the decline. The drop from 2016 to 2017 seems negligable. However, what is alarming is how financial services is sitting below 50% for compliance. These are the institutions that we trust to take care of our hard earned money. So that fact that over 50% of them are failing to take best security practices towards compliance is a bit disheartening.
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
Jai Vijayan, Freelance writer,  2/12/2019
Up to 100,000 Reported Affected in Landmark White Data Breach
Kelly Sheridan, Staff Editor, Dark Reading,  2/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-1695
PUBLISHED: 2019-02-15
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177.
CVE-2018-1701
PUBLISHED: 2019-02-15
IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970.
CVE-2018-1727
PUBLISHED: 2019-02-15
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630.
CVE-2018-1895
PUBLISHED: 2019-02-15
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ...
CVE-2019-4059
PUBLISHED: 2019-02-15
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583.