February 27, 2014, 12:01 PM

Nearly 90% of companies fall short in protecting payment card data, Verizon says

Just 11.1% of organizations fully comply with PCI security standards, according to a new report from Verizon Enterprise Solutions.

Lead Photo

88.9% of organizations aren’t doing enough to protect the credit and debit card data they handle, according to a new report from Verizon Enterprise Solutions. The “Verizon 2014 PCI Compliance Report” says that only 11.1% of organizations are fully compliant with the 12 requirements of the Payment Security Industry Data Security Standards, a set of rules created by payment card networks to protect cardholder data, commonly referred to as PCI.  Still, that’s up from 7.5% in 2012, the report says.

Verizon security experts assessed more than 500 companies across multiple industries, including retail. They gathered data between 2011 and 2013 for the report.

Although the remaining 88.9% of companies assessed are somewhere beneath “compliant,” the number of companies improving year to year is on the rise. ”Verizon classified just over 70% of organizations in the report as “nearly there,” or between 81% and 99% compliant, in 2013, up from 25% in 2012.  Verizon attributes this growth to increased awareness of data security standards from security vendors, card brands and the PCI governing body, and a heightened concern for card data security prompted by well-publicized data breaches. Clearer interpretations of the PCI standards have also helped.

Verizon stresses that it takes only one weak point in payment card security for criminals to access payment card data. When compared to the Verizon 2013 Data Breach Investigations Report, Verizon found that companies with a data breach are less likely to be effective at two things: limiting access to cardholder data on a “need-to-know” basis and generating and maintaining accurate logs of consumer activity on all devices. Though these aren’t the only two factors that increase the risk of a data breach, they were key contributors to data breaches and losses of cardholder data in 2013, the report says.

comments powered by Disqus

Advertisement

Advertisement

Advertisement

From IR Blogs

FPO

Patrick Smarzynski / E-Commerce

What the changes at eBay mean for sellers

The online marketplace introduced new rules for sellers last month. It’s crucial that sellers understand ...

FPO

Mark Feinstein / E-Commerce

A quick guide to global e-commerce opportunities

Consumers in many countries are buying more online each year. Understanding the nuances of each ...

Advertisement