Η Verizon stated that compliance with the Payment Card Industry Data Security Standard (PCI DSS) has declined for the third consecutive year, with organizations failing to plan for the long term. PCI DSS is a set of rules and regulations created in 2006 by a coalition of Visa, Mastercard, American Express, Discover and JCB, to manage and improve security standards security throughout the transaction process, in an effort to reduce the scams with credit cards.
The tech giant wrote it Verizon Business 2020 Payment Security Report based on data collected by PCI DSS security assessors (QSAs) from both the company itself and other companies.
In addition, Verizon revealed that on average only 27,9% of global organizations fully comply with the Payment Card Industry Data Security Standard, down 28% from 2016.
The report also noted that only 52% of the evaluated organizations successfully test the systems and security procedures, as well as unattended access to the system, and about two-thirds effectively monitor access to critical business systems. In addition, only 71% of financial institutions maintain basic perimeter security controls, Verizon added.
The Payment Card Industry Data Security Standard is designed to provide a carrot-and-stick approach, aimed at improving data security for merchants processing card payments. On the one hand it offers a framework of best practice to help them businesses to mitigate the risk violation data, but if they do not comply and are then violated, large fines could be imposed.
Indicatively, behind 86% of data breaches in 2019, there were financial motives, while in the trade sector, 99% of security incidents related to the acquisition of payment data by attackers, according to the latest report by Verizon data breach investigations.
Verizon President Sampath Sowmyanarayan said many companies still lack the resources and commitment to promote long-term compliance strategies.
In addition, his pandemic COVID-19 has diverted consumers from the traditional use of cash, in contactless credit card payment methods as well as mobile devices. This has created more electronic payment data, with consumers trusting businesses to protect their information. Payment security should always be a priority for companies that handle any payment data, as they have a responsibility to their customers, suppliers and consumers.
The report also outlined specific challenges that small and medium-sized enterprises face in carrying out what is often considered a cumbersome and costly PCI DSS compliance process.
Maxine Holt, senior research director at Omdia, said the report's findings should serve as a wake-up call for businesses. He added that aligning the security strategy with the organizational strategy is essential for organizations to maintain compliance, in this case with PCI DSS 3.2.1, to provide appropriate levels of payment security. Finally, Holt noted that long-term data security and compliance combine the responsibilities of certain roles, including information security chief, risk manager and compliance manager.