
Verizon reports decline in payment security compliance

By Robin Amlot

October 06, 2020

Global organisations continue to put their customers’ cardholder data at risk due to a lack of long-term payment security strategy and execution, according to the Verizon Business 2020 Payment Security Report (2020 PSR). With many companies struggling to retain qualified CISOs or security managers, Verizon said the lack of long-term security thinking is severely impacting sustained compliance with the Payment Card Industry Data Security Standard (PCI DSS).

Payment data remains one of the most sought-after and lucrative targets for cybercriminals, with 9 out of 10 data breaches being financially motivated. The Verizon Business 2020 Data Breach Investigations Report showed that within the retail sector alone, 99% of security incidents analysed were focused on acquiring payment data for criminal use.

The 2020 PSR found that on average only 27.9% of global organisations maintained full compliance with the PCI DSS, which was developed to help businesses that offer card payment facilities protect their payment systems from breaches and theft of cardholder data. More concerning, this is the third successive year in which compliance has declined, with a 27.5 percentage point drop since compliance peaked in 2016 (as seen in the 2017 PSR).

“Unfortunately, we see many businesses lacking the resources and commitment from senior business leaders to support long-term data security and compliance initiatives. This is unacceptable,” said Sampath Sowmyanarayan, President, Global Enterprise, Verizon Business. “The recent coronavirus pandemic has driven consumers away from the traditional use of cash to contactless methods of payment with payment cards as well as mobile devices. This has generated more electronic payment data and consumers trust businesses to safeguard their information. Payment security has to be seen as an on-going business priority by all companies that handle any payment data, they have a fundamental responsibility to their customers, suppliers and consumers.”

Additional findings within the 2020 PSR shine a spotlight on security testing, where only a little more than half of the organisations (51.9%) successfully test security systems and processes, as well as on unmonitored system access, where approximately two-thirds of all businesses track and monitor access to business-critical systems adequately. In addition, only 7 out of 10 financial institutions (70.6%) maintain essential perimeter security controls.

Lack of compliance impacts all businesses regardless of size

Small and medium-sized businesses (SMBs) were flagged as having their own unique struggles with securing payment data. While smaller businesses generally have less card data to process and store than larger businesses, they have fewer resources and smaller budgets for security, impacting the resources available to maintain compliance with PCI DSS. Often the measures needed to protect sensitive payment card data are perceived as too time-consuming and costly by these smaller organizations, but as the likelihood of a data breach for SMBs remains high, it is imperative that PCI DSS compliance is maintained.

The on-going CISO challenge

The report also explores the challenges CISOs face in designing, implementing, and maintaining an effective and sustainable security strategy, and how these can ultimately contribute to the breakdown of compliance and data security management. These problems were not found to be technological in nature, but rather the result of organisational weaknesses which could be resolved by more mature management skills, including creating formalized processes, building a business model for security, and defining a sound security strategy with operating models and frameworks.
