Research found that just under half of companies failed to comply with payment card security rules because of poor cyber-security practice.
Almost half of companies around the world failed to comply with payment security rules, putting at risk their ability to keep taking card payments.
According to Verizon's Payment Security Report, 45% of all companies assessed did not comply with the payment card industry standard: they failed to scan their systems for vulnerabilities frequently enough and, in some cases, did not encrypt cardholder data at all.
Although the proportion of global companies complying with payment security rules has risen to 55.4%, from 48.4% in 2015, Verizon's report found that the remaining 45% of businesses continue to take card payments despite failing to comply, including department stores, hotels, restaurants and practices.
None of the organisations Verizon investigated following a payment card data breach was found to be fully compliant at the time of the breach.
Globally, 61.3% of IT service organisations achieved full compliance validation, followed by 59.1% of financial services organisations. Retail was named the worst-performing industry for full compliance.
According to Verizon, most compliance failures are not the result of missing security features; the controls are in place but are ineffective.
Verizon's report outlined the rules businesses taking card payments must comply with. The Payment Card Industry Data Security Standard (PCI DSS) requires such businesses to protect cardholder data from breaches and theft by securing the payment systems that store, process or transmit it.
The report assessed businesses against the standard's 12 key requirements, including protecting stored cardholder data, using firewalls, encrypting cardholder data in transit over open networks, protecting against malicious software, and developing and maintaining secure systems and applications.
“There is a clear link between PCI DSS compliance and an organization’s ability to defend itself against cyberattacks,” comments Rodolphe Simonetti, global managing director for security consulting, Verizon. “Whilst it is good to see PCI compliance increasing, the fact remains that over 40 percent of the global organizations we assessed – large and small – are still not meeting PCI DSS compliance standards. Of those that pass validation, nearly half fall out of compliance within a year — and many much sooner.”
The report comes at a key time, with the General Data Protection Regulation about to take effect. Under GDPR, companies that fail to protect personal data could face fines of up to €20m (about £17m) or 4% of annual global turnover, whichever is higher.
Companies that fail to comply with the payment card rules risk not only fines but also losing the ability to accept card payments altogether.