A report by a payment vendor revealed that only one in three organizations have implemented PCI DSS compliance. Read on to know more…
According to a new research report by US telecom carrier Verizon, only one in three organizations have implemented full payment security PCI DSS compliance to secure customers’ data. Payment Card Industry Data Security Standard (PCI DSS) helps businesses that offer card payment facilities protect their payment systems from breaches and theft of cardholder data, amidst a worrying downtrend and increasing geographical differences.
About PCI DSS
PCI DSS is the worldwide Payment Card Industry Data Security Standard that was set up to help businesses process card payments securely and reduce card fraud. The achieves through enforcing tight controls surrounding the storage, transmission and processing of cardholder data that businesses handle. PCI DSS is intended to protect sensitive cardholder data.
The payment standard has several high level requirements like Installation and maintaining a firewall configuration to protect data, not using vendor-supplied defaults for system passwords and other security parameters, protection of cardholder data through high level encryption, restricting access to data by business need-to-know, tracking and monitoring all access to network resources and cardholder data and several other requirements.
The firm’s annual Payment Security Report (PSR) has tracked compliance levels for several years.
The Verizon’s 2019 Payment Security Report states that organizations that maintain full compliance with the Payment Card Industry Data Security Standard decreased for the second year in a row to 36.7 per cent worldwide. This year’s was compiled from 302 PCI DSS engagements by Verizon Qualified Security Assessors (QSAs) with a range of organizations, including Fortune 500 and large multinationals firms, in over 60 countries.
In 2004, when Visa initially launched the PCI DSS, many assumed that organizations would achieve effective and sustainable compliance within five years. Now, after 15 years, the number of businesses achieving and maintaining compliance has dropped from 52.5 per cent (2018) to a low of just 36.7 per cent worldwide.
APAC organizations appeared to be the best prepared, with 70% fully compliant. Geographically, organizations in the Asia-Pacific (APAC) region show a stronger ability to maintain full compliance at 69.6 per cent, compared to 48 per cent in Europe, Middle East and Africa (EMEA) and just 20.4 per cent (1 in 5) in the Americas.
“Payment security compliance has declined for the second year in a row, with organizations based in the Americas lagging behind worldwide counterparts,” said the report.
The report also includes data from the Verizon Threat Research Advisory Center (VTRAC), which demonstrates that a compliance program without the proper controls to protect data has a more than 95 percent probability of not being sustainable and is more likely to be a potential target of a cyberattack.
The findings chime with a Security Scorecard report from 2018 which revealed that over 90% of US retailers were non-compliant with PCI DSS, failing four or more of the key requirements of the standard. Requirement six — dealing with maintaining secure systems and applications — was a problem for 98%.