Verizon cites link between PCI standard compliance, cyberattack defense

The IT services industry achieved the highest full compliance of all key industry groups studied, according to Verizon.

As cybercriminals have stepped up their methods to compromise credit cards, Verizon is seeing payment card security increasingly becoming a focus for companies and consumers alike.

In its 2017 Payment Security Report (2017 PSR), Verizon demonstrated a link between organizations being compliant with the standard, and their ability to defend themselves against cyberattacks.

As cybercrime instances continue to rise, payment card security has become a growing focus for companies and consumers. The Payment Card Industry Data Security Standard (PCI DSS) is designed to help businesses that take card payments protect their payment systems from breaches and theft of cardholder data.

Verizon’s findings from its 2017 Payment Security Report (2017 PSR) demonstrate a link between organizations being compliant with the standard, and their ability to defend themselves against cyberattacks.

Out of all of the payment card data breaches Verizon investigated, no organization was fully compliant at the time of the breach, and the breached organizations showed lower compliance with 10 out of the 12 PCI DSS key requirements.

Overall PCI compliance has increased among global businesses, with 55.4% of organizations Verizon assessed passing their interim assessment in 2016.

This is an increase over 2015, when only 48.4% of organizations achieved full compliance during their interim validation. This means that nearly half of retailers, restaurants, hotels and other businesses that take card payments are still failing to maintain compliance from year to year.

Ronald Tosto, global manager of PCI Advise and assessment services for Verizon, told FierceTelecom that the company can provide its customers insight on how to improve their security profile every year.

“We like to think from a Verizon perspective, we are helping our clients from year to year improve their security posture, which is shown as demonstrated compliance,” Tosto said. “From a broader base of credit card compliance, we can show that it’s achievable.”

According to the Verizon report, the IT services industry achieved the highest full compliance of all key industry groups studied.

Globally, about three-fifths (61.3%) of IT services organizations achieved full compliance during interim validation in 2016, followed by 59.1% of financial services organizations (which includes insurance companies), retail (50%) and hospitality (42.9%).

The 2017 PSR also looked at compliance challenges faced by specific business sectors including:

Retail: Security testing, encrypted data transmissions and authentication.

Hospitality and travel: Security hardening, protecting data in transit and physical security.

Financial services: Security procedures, secure configurations, protecting data in transit, vulnerability management and overall risk management.
