X
Tech
Home Tech Security

Enterprises (especially retail, hospitality) struggle with payment card data security standards

A Verizon report highlights that more organizations are compliant with PCI DSS, but companies still struggle with security controls.
Written by Larry Dignan, Contributor
pci-dss-compliance.png

Enterprises are complying with the Payment Card Industry Data Security Standard (PCI DSS) more, but the number of organizations in compliance is still low enough to leave the door open for cyberattacks, according to Verizon.

First, the good news. According to the Verizon 2017 Payment Security Report, 55.4 percent of organizations complied with PCI when validated in 2016, up from 48.4 percent in 2015. However, maintaining compliance is an issue, said Verizon.

And there are still 44.6 percent of organizations such as retailers, restaurants and hotels not up to PCI standards. PCI DSS standards are there to allow businesses to take card payments and protect systems from cardholder data breaches. The requirements include items such as firewalls, data in transit controls, encryption and authentication.

That lack of compliance is notable because of all of the payment card data breaches investigated by Verizon no organizations were fully compliant at the time of the breach. Simply put, PCI DSS compliance is directly linked to data breaches.

Also: Ransomware incidents surge, education a hot bed for data breaches, according to Verizon

Meanwhile, of the companies that pass validation almost half of them fall out of PCI DSS compliance within a year.

Key items from the Verizon payment security report:

  • The IT services industry had the highest full PCI DSS compliance with 61.3 percent fully compliant during interim validation.
  • 59.1 percent of financial services organizations were fully compliant, but many struggled with security procedures, configurations, vulnerability management and overall risk.
  • 50 percent of retailers and 42.9 percent of hospitality organizations were PCI-DSS compliant. Retailers struggled with security testing, encrypted data transmissions and authentication and hospitality and travel groups struggled with security hardening, protecting data in transit and physical security.
  • 13 percent of companies failed interim assessments due to absent controls.

Verizon added that enterprises need to consolidate security controls for easier management, develop expertise and their people, maintain internal controls and interlink them and automate.

Editorial standards
Show Comments

Related

Lock with wheels turning inside

The biggest challenge with increased cybersecurity attacks, according to analysts

Yes, there's a SIM tray for cellular data that can accommodate two SIM cards, or one SIM card and a microSD card.

Criminals want to pay T-Mobile and Verizon staff for SIM swaps. Here's what you need to know

padlockhole2gettyimages-473158924

These SMBs are hot threat targets but they're shrugging off security help