Verizon cites link between PCI standard compliance, cyberattack defense

As cybercriminals have stepped up their methods to compromise credit cards, Verizon is seeing payment card security increasingly becoming a focus for companies and consumers alike.

In its 2017 Payment Security Report (2017 PSR), Verizon demonstrated a link between organizations' compliance with the PCI standard and their ability to defend themselves against cyberattacks.

As cybercrime instances continue to rise, payment card security has become a growing focus for companies and consumers. The Payment Card Industry Data Security Standard (PCI DSS) is designed to help businesses that take card payments protect their payment systems from breaches and theft of cardholder data.


Verizon’s findings from its 2017 Payment Security Report (2017 PSR) demonstrate a link between organizations being compliant with the standard, and their ability to defend themselves against cyberattacks.

Across all of the payment card data breaches Verizon investigated, no organization was fully compliant at the time of the breach, and the breached organizations showed lower compliance with 10 of the 12 PCI DSS key requirements.

Overall PCI compliance has increased among global businesses, with 55.4% of organizations Verizon assessed passing their interim assessment in 2016.

This is an increase over 2015, when only 48.4% of organizations achieved full compliance during their interim validation. This means that nearly half of retailers, restaurants, hotels and other businesses that take card payments are still failing to maintain compliance from year to year.

Ronald Tosto, global manager of PCI Advise and assessment services for Verizon, told FierceTelecom that Verizon can give its customers insight into how to improve their security profile every year.

“We like to think from a Verizon perspective, we are helping our clients from year to year improve their security posture, which is shown as demonstrated compliance,” Tosto said. “From a broader base of credit card compliance, we can show that it’s achievable.”

According to the Verizon report, the IT services industry achieved the highest full compliance of all key industry groups studied.

Globally, about three-fifths (61.3%) of IT services organizations achieved full compliance during interim validation in 2016, followed by 59.1% of financial services organizations (which includes insurance companies), retail (50%) and hospitality (42.9%).

The 2017 PSR also looked at compliance challenges faced by specific business sectors including:

Retail: Security testing, encrypted data transmissions and authentication.

Hospitality and travel: Security hardening, protecting data in transit and physical security.

Financial services: Security procedures, secure configurations, protecting data in transit, vulnerability management and overall risk management.