Payment card security remains lax, says Verizon Business report

Payment security is getting weaker as 27.9% of global organizations were in full compliance with the Payment Card Industry Data Security Standard (PCI DSS), according to Verizon.

The Verizon Business 2020 Payment Security Report highlights that PCI DSS compliance is down 27.5% from 2016. Full PCI DSS compliance meets 12 requirements. Those requirements are:

Protect your system with firewallsConfigure passwords and settings Protect stored cardholder dataEncrypt transmission of cardholder data across open, public networksUse and regularly update anti-virus softwareRegularly update and patch systemsRestrict access to cardholder data to business need to knowAssign a unique ID to each person with computer accessRestrict physical access to workplace and cardholder dataImplement logging and log management Conduct vulnerability scans and penetration testsDocumentation and risk assessments

Verizon's findings are a bit alarming given that credit cards are a big target for cybercrime. Consider a few recent events:

My stolen credit card details were used 4,500 miles away. I tried to find out how it happened'Keeper' hacking group behind hacks at 570 online storesRitz London suspects data breach, fraudsters pose as staff in credit card data scam

According to Verizon, companies are struggling to retain qualified chief information security officers and lack long-term planning.

Among the key items in the report:

51.9% successfully test security systems and processes as well as unmonitored system access. Two-thirds of all businesses track and monitor access to business-critical systems. 70.6% of financial institutions maintain essential perimeter security controls.

Here's a look at the five-year trends for full PCI DSS compliance by requirement.

A look at the five-year trends for complying to the 12 requirements of payment card security. 

Verizon