Global PCI DSS compliance plummets

Nearly two thirds of organisations around the world that accept card payments are putting customers at risk by failing to ensure full PCI DSS compliance, according to a Verizon report.


Fifteen years after Visa launched the PCI DSS (Payment Card Industry Data Security Standard) the percentage of businesses achieving and maintaining compliance sits at just 36.7% worldwide, down from 52.5% in 2018.

Geographically, organisations in the Asia-Pacific region show a stronger ability to maintain full compliance at 69.6%, compared to 48% in Europe, Middle East and Africa, and just 20.4% in the Americas.

Rodolphe Simonetti, global managing director, security consulting, Verizon, says: “After witnessing a gradual increase in compliance from 2010 to 2016, we are now seeing a worrying downward trend and increasing geographical differences.

“We see an increasing number of organisations unable to obtain and maintain the required compliance for PCI DSS, which has a direct impact on the security of their customers’ payment data.”

Verizon says there is a clear link between a lack of PCI DSS compliance and the risk of suffering data breaches. The report concludes that a compliance programme without the proper controls to protect data has a more than 95% probability of not being sustainable, and that such an organisation is a more likely target of a cyberattack.

Says Simonetti: "Our data shows that we have never investigated a payment card security data breach for a PCI DSS compliant organisation. Compliance works!"


Comments: (2)

Steve Wainwright, Sales Director at Utimaco

Is it a marketing fail? Those of us in the industry know PCI but the public does not. Branding to help build consumer awareness & choice and motivate adoption would go a long way.

A Finextra member

The imposition of PCI DSS standards on merchants in particular was the biggest and most expensive shift in corporate responsibility from the card schemes to merchants which forced them to comply with complex rules, audits and compliance measures which were never ending. The card schemes should accept full responsibility for maintaining a product (card payments) the function and operation of which are no longer fit for purpose. It's THEIR problem and they should have addressed it years ago.
