A case of complacency on compliance?
According to a report from Verizon Communications that debuted on Tuesday (Sept. 25), full compliance with the PCI DSS (short for Payment Card Industry Data Security Standard) dropped last year, the first decline seen in six years.
The headline numbers: 52.5 percent of the organizations surveyed were in full compliance, according to data gleaned from 2,400 reports stretching back to 2012. That latest tally is down from 55.4 percent seen in 2016, yet compares favorably against the 48.4 percent seen in 2015.
The study noted some regional differences: 77.8 percent of firms in the Asia Pacific region were fully PCI compliant, far outpacing the 46.4 percent at full compliance in Europe and the 39.7 percent in the Americas. One factor behind the relatively lower rate of PCI compliance in the Americas is that EMV chip card payments are a relatively recent phenomenon in that region.
Broken down by industry vertical, IT firms were among the sectors with the highest rates of full compliance: Verizon found that 77.8 percent of its clients in that sector were in full compliance with the standard. Then came retailers at 56.3 percent, and financial services firms at just under 48 percent. Lagging was the hospitality sector, where only 38.5 percent of companies were fully PCI compliant.
Delving a bit further into the report, Verizon noted that nearly one in five organizations do not have defined compliance programs in place, delineated as having a formal structure, defined scope and supporting projects. The report also said that roughly two thirds of companies surveyed were following at least one other industry standard framework “in addition to PCI DSS.”
In addition, fewer than one in five firms measure the DSS controls in place across the entire environment more frequently than is mandated by DSS. And in terms of frequency, only 40 percent measure PCI DSS compliance annually, compared to 19 percent of firms that measure and report their PCI DSS compliance monthly.