CyberScout

The Worldwide Failure to Comply with Payment Security Standards

PCI Compliance

Payment security continues to decline worldwide, with almost two-thirds of organizations failing to meet and maintain compliance standards, according to a new report released by Verizon.

The 2019 Payment Security Report (PSR) measured worldwide compliance with the Payment Card Industry Data Security Standard (PCI DSS) and found that only 36.7% of organizations maintained full compliance, down from the 52.5% reported in Verizon’s 2018 PSR. The Americas had the lowest rate, with just 20.5% meeting the global standard.

“We see an increasing number of organizations unable to obtain and maintain the required compliance for PCI DSS, which has a direct impact on the security of their customers’ payment data,” said Rodolphe Simonetti, Global Managing Director for Security Consulting at Verizon.

PCI DSS was introduced by the major payment card brands in 2004 as an industry-wide standard for securing cardholder data, prescribing controls for how that data is stored, processed and transmitted. The requirements themselves apply to every organization that handles card data; what varies with an organization’s annual card transaction volume is how compliance must be validated (a self-assessment questionnaire versus an on-site assessment by a Qualified Security Assessor). The standard’s twelve requirements are grouped under six control objectives:

  • A secure network
  • Protection of cardholder data
  • A vulnerability management program
  • Access control measures
  • Regular network testing and monitoring
  • An information security policy

The decline in PCI compliance is a matter for concern as the frequency and cost of data breaches continue to rise. According to the 2019 PSR, not a single organization that experienced a breach was found to be fully compliant with PCI DSS.

“For years, we have discussed the close correlation between the lack of PCI DSS compliance and cyber breaches… Our data shows that we have never investigated a payment card security data breach for a PCI DSS compliant organization,” said Simonetti.