Verizon Demos Link Between Payment Card Security Standard Compliance and Ability to Defend Against Cyberattacks

With cybercrime on the increase, payment card security is increasingly a focus for companies and consumers alike. The Payment Card Industry Data Security Standard (PCI DSS) is there to help businesses that take card payments protect their payment systems from breaches and theft of cardholder data.

The findings from the Verizon 2017 Payment Security Report (2017 PSR) demonstrate a link between organizations being compliant with the standard, and their ability to defend themselves against cyberattacks.

Of all the payment card data breaches Verizon investigated, no breached organization was fully compliant at the time of the breach, and breached organizations as a group showed lower compliance with 10 of the 12 PCI DSS key requirements.

Overall PCI compliance has increased among global businesses, with 55.4 percent of the organizations Verizon assessed passing their interim validation in 2016. This is an increase from 2015, when only 48.4 percent of organizations achieved full compliance during interim validation. It also means that nearly half of the retailers, restaurants, hotels and other businesses that take card payments are still failing to maintain compliance from year to year.

“There is a clear link between PCI DSS compliance and an organization’s ability to defend itself against cyberattacks,” comments Rodolphe Simonetti, global MD for security consulting, Verizon. “Whilst it is good to see PCI compliance increasing, the fact remains that over 40 percent of the global organizations we assessed – large and small - are still not meeting PCI DSS compliance standards. Of those that pass validation, nearly half fall out of compliance within a year — and many much sooner.”

Key insights and real-life examples of business sector compliance
According to the report, the IT services industry achieved the highest rate of full compliance of all key industry groups studied. Globally, about three fifths (61.3 percent) of IT services organizations achieved full compliance during interim validation in 2016, followed by financial services (59.1 percent, including insurance companies), retail (50 percent) and hospitality (42.9 percent).

The 2017 PSR also flags the compliance challenges faced by specific business sectors including:
* Retail: security testing, encrypted data transmissions and authentication.
* Hospitality and travel: security hardening, protecting data in transit and physical security.
* Financial Services: security procedures, secure configurations, protecting data in transit, vulnerability management and overall risk management.

Real-life examples highlight situations where compliance controls are not followed. For example, a financial services organization seeking exemption from the wireless requirements of PCI DSS was surprised to learn that it did in fact have a wireless network operating in its building. Not knowing about its own network is what caused it to fail: an exemption is only defensible when the organization has actually verified that the control is not needed.

The IT admin had grown tired of traipsing from the server room in the basement to the IT department on the third floor, and so had installed a wireless router to reach the servers from his desk, creating an unmanaged wireless path into the server network that nobody else knew about.
