1 in 3 firms serious about payment security compliance globally
New Delhi, Nov 12 (IANS) As digital payments grow across the world, only one in three organizations has implemented full payment security compliance to secure customers’ data, a new report by US telecom carrier Verizon said on Tuesday.
The proportion of companies maintaining full compliance with the Payment Card Industry Data Security Standard (PCI DSS) fell for the second year in a row, to 36.7 per cent worldwide, according to Verizon’s 2019 Payment Security Report.
PCI DSS helps businesses that offer card payment facilities protect their payment systems from breaches and theft of cardholder data.
“After witnessing a gradual increase in compliance from 2010 to 2016, we are now seeing a worrying downward trend and increasing geographical differences,” said Rodolphe Simonetti, Global Managing Director for Security Consulting at Verizon.
“We see an increasing number of organizations unable to obtain and maintain the required compliance for PCI DSS, which has a direct impact on the security of their customers’ payment data,” Simonetti added.
When Visa initially launched the PCI DSS in 2004, many assumed that organizations would achieve effective and sustainable compliance within five years.
Now, 15 years on, the number of businesses achieving and maintaining compliance has dropped from 52.5 per cent (2018) to a low of just 36.7 per cent worldwide.
Geographically, organizations in the Asia-Pacific (APAC) region show a stronger ability to maintain full compliance at 69.6 per cent, compared to 48 per cent in Europe, Middle East and Africa (EMEA) and just 20.4 per cent (1 in 5) in the Americas.
“Payment security compliance has declined for the second year in a row, with organizations based in the Americas lagging behind worldwide counterparts,” said the report.
With the latest version of PCI DSS, version 4.0, launching soon, businesses have an opportunity to turn this trend around by rethinking how they implement and structure their compliance programmes, Simonetti said in a statement.
“We still see Chief Information Security Officers focusing on how to maintain baseline control activities rather than looking at data protection competency and maturity. What is needed is a clear and easy-to-understand navigational guide to help them deliver measurable results and predictable outcomes,” he mentioned.