Nearly two thirds of organisations around the world that accept card payments are putting customers at risk by failing to ensure full PCI DSS compliance, according to a Verizon report.
Fifteen years after Visa launched the PCI DSS (Payment Card Industry Data Security Standard), the percentage of businesses achieving and maintaining compliance sits at just 36.7% worldwide, down from 52.5% in 2018.
Geographically, organisations in the Asia-Pacific region show a stronger ability to maintain full compliance at 69.6%, compared to 48% in Europe, Middle East and Africa, and just 20.4% in the Americas.
Rodolphe Simonetti, global managing director, security consulting, Verizon, says: “After witnessing a gradual increase in compliance from 2010 to 2016, we are now seeing a worrying downward trend and increasing geographical differences.
“We see an increasing number of organisations unable to obtain and maintain the required compliance for PCI DSS, which has a direct impact on the security of their customers’ payment data.”
Verizon says there is a clear link between a lack of PCI DSS compliance and the risk of suffering data breaches. The report concludes that a compliance programme without the proper controls to protect data has a more than 95% probability of not being sustainable, and that such an organisation is more likely to become a target of a cyberattack.
Says Simonetti: “Our data shows that we have never investigated a payment card security data breach for a PCI DSS compliant organisation. Compliance works!”