Almost half of all global companies are failing to comply with the security standards set down by the Payment Card Industry (PCI) when it comes to customer payment data protection.
The latest Payment Security Report from Verizon has found that although PCI compliance has risen among global businesses, from just 48.4 per cent in 2015 to 55.4 per cent in 2016, there is still a long way to go.
Failing to comply with the PCI Data Security Standard can mean that companies are putting consumers at risk of payment fraud.
Global managing director for security consulting at Verizon, Rodolphe Simonetti, commented: ‘While it is good to see PCI compliance increasing, the fact remains that over 40 per cent of the global organisations we assessed – large and small – are still not meeting PCI DSS compliance standards. Of those that pass validation, nearly half fall out of compliance within a year – and many much sooner.’
The worst offenders seem to be in the hospitality industry, such as hotels, bars, and restaurants. They recorded the lowest percentage of any industry for achieving full PCI DSS compliance at their interim validation.
Perhaps unsurprisingly, IT companies came out best in the research, with 61.3 per cent achieving full PCI compliance. Financial services organisations, including insurance companies, came close behind with 59.1 per cent compliance.
Retail organisations were still seen to be lagging, reaching a compliance level of only 50 per cent.
Chief technology officer for the PCI Security Standards Council, Troy Leach, said: ‘The report highlights the challenges organisations have to consistently maintain security controls on an ongoing basis, leaving their cardholder data environments vulnerable to attack.’
He continued: ‘This trend was a key driver for changes introduced in PCI Data Security Standard version 3.2, which focuses on helping organisations confirm that critical data security controls remain in place throughout the year, and that they are effectively tested as part of the ongoing security monitoring process.’
The Verizon Payment Security Report is based on actual casework, encompassing the results from thousands of real-world PCI compliance assessments.