Payment card security remains lax, says Verizon Business report
Payment security is getting weaker as 27.9% of global organizations were in full compliance with the Payment Card Industry Data Security Standard (PCI DSS), according to Verizon.
The Verizon Business 2020 Payment Security Report highlights that PCI DSS compliance is down 27.5% from 2016. Full PCI DSS compliance meets 12 requirements. Those requirements are:
- Protect your system with firewalls
- Configure passwords and settings
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software
- Regularly update and patch systems
- Restrict access to cardholder data to business need to know
- Assign a unique ID to each person with computer access
- Restrict physical access to workplace and cardholder data
- Implement logging and log management
- Conduct vulnerability scans and penetration tests
- Documentation and risk assessments
Verizon’s findings are a bit alarming given that credit cards are a big target for cybercrime. Consider a few recent events:
According to Verizon, companies are struggling to retain qualified chief information security officers and lack long-term planning.
Among the key items in the report:
- 51.9% successfully test security systems and processes as well as unmonitored system access.
- Two-thirds of all businesses track and monitor access to business-critical systems.
- 70.6% of financial institutions maintain essential perimeter security controls.
Here’s a look at the five-year trends for full PCI DSS compliance by requirement.