February 27, 2014, 12:01 PM

Nearly 90% of companies fall short in protecting payment card data, Verizon says

Just 11.1% of organizations fully comply with PCI security standards, according to a new report from Verizon Enterprise Solutions.

Madeline Andre

Associate editor

Lead Photo

88.9% of organizations aren’t doing enough to protect the credit and debit card data they handle, according to a new report from Verizon Enterprise Solutions. The “Verizon 2014 PCI Compliance Report” says that only 11.1% of organizations are fully compliant with the 12 requirements of the Payment Security Industry Data Security Standards, a set of rules created by payment card networks to protect cardholder data, commonly referred to as PCI.  Still, that’s up from 7.5% in 2012, the report says.

Verizon security experts assessed more than 500 companies across multiple industries, including retail. They gathered data between 2011 and 2013 for the report.

Although the remaining 88.9% of companies assessed are somewhere beneath “compliant,” the number of companies improving year to year is on the rise. ”Verizon classified just over 70% of organizations in the report as “nearly there,” or between 81% and 99% compliant, in 2013, up from 25% in 2012.  Verizon attributes this growth to increased awareness of data security standards from security vendors, card brands and the PCI governing body, and a heightened concern for card data security prompted by well-publicized data breaches. Clearer interpretations of the PCI standards have also helped.

Verizon stresses that it takes only one weak point in payment card security for criminals to access payment card data. When compared to the Verizon 2013 Data Breach Investigations Report, Verizon found that companies with a data breach are less likely to be effective at two things: limiting access to cardholder data on a “need-to-know” basis and generating and maintaining accurate logs of consumer activity on all devices. Though these aren’t the only two factors that increase the risk of a data breach, they were key contributors to data breaches and losses of cardholder data in 2013, the report says.


Sign In to Make a Comment

Comments are moderated by Internet Retailer and can be removed.

Not a member? Signup for free today!




Relevant Commentary


Jason Squardo / Mobile Commerce

Five tips for achieving high mobile search rankings

Searches on mobile devices will soon exceed those on computers, Google says. Retailers that keep ...


Sergio Pereira / B2B E-Commerce

Quill turns to its B2B customers for new ideas

Coming in April is a new section of Quill.com that will let customers and Quill ...