Only one out of three companies around the world lives up to international information security standards for credit cards.
That’s according to a new report from Verizon, the telecommunications conglomerate, which found that only 36.7% of companies worldwide live up to the Payment Card Industry Data Security Standard (PCI DSS), which is accepted around the globe. The percentage represents a drop for the second year running, having decreased from 52.5% in 2018.
The research noted that organisations in the Asia-Pacific region are better at living up to PCI DSS. In the region, 69.6% complied with the standard. In Europe, the Middle East and Africa, only 48% could say the same. Companies in the Americas were the worst when it came to PCI DSS compliance, with just 20.4% being compliant with the rules.
“After witnessing a gradual increase in compliance from 2010 to 2016, we are now seeing a worrying downward trend and increasing geographical differences,” said Rodolphe Simonetti, global managing director for security consulting at Verizon.
“We see an increasing number of organisations unable to obtain and maintain the required compliance for PCI DSS, which has a direct impact on the security of their customers’ payment data. With the latest version of the PCI DSS standard 4.0 launching soon, businesses have an opportunity to turn this trend around by rethinking how they implement and structure their compliance programmes.
“Many organisations spend a lot of time and money creating data protection compliance programmes, but often these are ineffective – looking good on paper but not able to withstand the scrutiny of a professional security assessment. We still see chief information security officers focusing on how to maintain baseline control activities rather than looking at data protection competency and maturity. What is needed is a clear and easy-to-understand navigational guide to help them deliver measurable results and predictable outcomes.”
Copyright © 2019 FinTech Global