Payment security report: companies struggle with PCI compliance

According to the Verizon 2017 Payment Security Report, the number of businesses achieving full compliance with their annual Payment Card Industry Data Security Standard (PCI DSS) review reached a record 55.4% last year, but nearly half of companies fall out of compliance.

Additionally, in all of the nearly 300 payment card data breaches that Verizon investigated from 2010 to 2016, the businesses hit were not fully PCI DSS-compliant at the time of their breach.

The security testing requirement in PCI DSS continues to top the list of requirements that are difficult to comply with. Only 71.9% of companies were able to fully comply with this requirement when initially evaluated. The requirement to develop and maintain secure systems and the requirement to maintain a policy that addresses information security for all personnel ranked as the second most difficult to achieve full compliance with, each met by only 77.7% of the companies initially evaluated. Companies were missing an average of 13% of the controls overall in 2016, compared with 12.4% the previous year.

Verizon's report also shows that IT services achieved the highest level of compliance, with 61.3% hitting the mark during the evaluation process, followed by financial services (59.1%) and retail (50%). Less than 43% of the hospitality industry, which includes hotels, was compliant.


The Paypers is the Netherlands-based leading independent source of news and intelligence for professionals in the global payment community.

 
