10 December 2016

Retailers failing to maintain PCI standards - Verizon

11 February 2014  |  Source: Verizon

A new Verizon report has found that too many businesses, following their annual assessment for meeting the Payment Card Industry Data Security Standard, fail to maintain ongoing compliance -- putting the businesses at an increased risk for data breaches, and financial and reputational damages.

The "Verizon 2014 PCI Compliance Report" affirms that payment card transactions remain a prime target for attackers, and the rate at which data breaches are occurring appears to be increasing. The Nilson Report estimates that global credit card fraud exceeded $11 billion in 2012 alone.

According to the report, in most cases, payment card data breaches are not a failure of security technology or of compliance with the Payment Card Industry Data Security Standard, but rather a failure to implement appropriate compliance and security measures as intended.

"We continue to see many organizations viewing PCI compliance as a single annual event, unaware that compliance needs to have a 365 day-a-year focus," stated Rodolphe Simonetti, managing director, PCI practice, Verizon Enterprise Solutions.

However, there is a bright spot in the report: Organizations' initial compliance with the PCI standard has shown some improvement. In 2013, more than 82 percent of organizations were compliant with at least 80 percent of the PCI standard at the time of their annual baseline assessment, compared with just 32 percent in 2012.

There were also regional differences due to breach notification laws, varying legal requirements and levels of adoption. The Asia-Pacific region took the top spot (75 percent), followed by the U.S. with 56 percent and Europe with 31 percent in meeting at least 80 percent of the PCI requirements.

Areas where businesses struggle the most in achieving initial compliance include: security testing (23.8 percent); security monitoring and the ability to effectively detect and respond to data compromise (17 percent); and protecting stored sensitive data (55.6 percent).

"Anything less than 100 percent compliance is an issue for businesses today," said Simonetti. "We have seen time and time again that noncompliance leaves an organization open to credit card theft, which can potentially cost hundreds of millions of dollars when you factor in all the damages, not to mention lost consumer trust and the impact on brand reputation. Organizations need to rethink how they factor in maintaining a PCI-compliant environment, whether it's devoting more resources or working with a managed security services provider."

Report Takes In-Depth Look at Each of 12 PCI Requirements

In addition, the report examines in detail how well organizations comply with each of the 12 specific PCI requirements; provides recommendations that organizations can implement to help them earn and maintain compliance; and explains how noncompliance with each requirement can lead to a data breach.

Simonetti points out that "compliance activities should be planned; integrated with largest organizational wide governance, security and compliance initiatives; and automated as much as possible to help ensure compliance is sustainable and cost effective."

PCI Report Findings Based on Actual PCI Assessments

The report is based on findings from hundreds of PCI DSS assessments conducted by Verizon's team of PCI Qualified Security Assessors, from 2011 through 2013. Like Verizon's Data Breach Investigations Report (DBIR) series, the PCI Compliance Report is based on actual casework and is believed to be the only report of its kind in the industry. This report analyzes PCI Data Security assessment data, with a specific focus on the retail, financial services and hospitality industries across North America, Europe and the Asia-Pacific region.
