Payment security report: companies struggle with PCI compliance

Monday 4 September 2017 09:24 CET | News

A payment security report by Verizon has revealed that companies struggle to maintain PCI compliance within a year of meeting it. 

According to the Verizon 2017 Payment Security Report, the number of businesses achieving full compliance with their annual Payment Card Industry Data Security Standard (PCI DSS) review reached a record 55.4% last year, but nearly half of companies fall out of compliance.

Additionally, in all of the nearly 300 payment card data breaches that Verizon investigated from 2010 to 2016, the businesses hit were not fully PCI DSS-compliant at the time of their breach.

The security testing requirement in PCI DSS continues to top the list of requirements that are difficult to comply with. Only 71.9% of companies are able to fully comply with this requirement when initially evaluated. The requirement to develop and maintain secure systems and the requirement to maintain a policy that addresses information security for all personnel ranked among the second most difficult to fully comply with, each being met by only 77.7% of the companies initially evaluated. Companies were missing an average of 13% of the controls overall in 2016, compared with 12.4% the previous year.

Verizon's report also shows that IT services achieved the highest level of compliance, with 61.3% hitting the mark during the evaluation process, followed by financial services (59.1%) and retail (50%). Less than 43% of the hospitality industry, which includes hotels, was compliant.


Keywords: payment security, PCI compliance, Verizon, report, PCI DSS
Categories: Securing Transactions | Digital Identity, Security & Online Fraud
Countries: World