Verizon releases a report on poor security in the payment card industry. Not a significant surprise, same problem across the board.

September 5, 2017

Payment by card is becoming ubiquitous in Australia, right down to getting the mandatory coffee first thing in the morning. Some businesses, such as bakeries, where cash was usually the only form of transaction, now refuse to accept cash. The Economist, in "Emptying the tills", highlights the phenomenon of card taps being the norm, cash payment by value dropping to as low as 5.7% in Sweden, and card-only being a selling point. It is not universal: card over cash is the norm in Scandinavia, but cash still reigns in Germany and Italy, though for differing reasons.

What is clear, though, is that with the march of the cards, maintaining data security is critical. The best starting point is to comply with the industry standard on data security, known as the Payment Card Industry Data Security Standard (PCI DSS). Unfortunately, as with many businesses, maintaining appropriate data security is less common than one would hope. That is made clear in the very recent Verizon 2017 Payment Security Report. It finds that 44.6% fail to protect payment card data on an ongoing basis. Compliance is improving, from a dismal 11.1% in 2012 to the current 55.4%. But given that the data collected by payment card operators is commonly stolen to commit fraud, the extent of non-compliance is a concern.

The global manager for security at Verizon stated:

“There is a clear link between PCI DSS compliance and an organisation’s ability to defend itself against cyberattacks. Whilst it is good to see PCI compliance increasing, the fact remains that over 40% of the global organisations we assessed – large and small – are still not meeting PCI DSS compliance standards. Of those that pass validation, nearly half fall out of compliance within a year – and many much sooner.”

and

“It is no longer the question of ‘if’ data must be protected, but ‘how’ to achieve sustainable data protection. Many organisations still look at PCI DSS controls in isolation and don’t appreciate that they are inter-related – the concept of control lifecycle management is far too often absent,” Simonetti said.

The executive summary is found here.
