Businesses must be vigilant in maintaining
security to remain compliant with the Payment Card Industry Data
Security Standard (PCI DSS), required by payment card issuers.
Most companies tend to upgrade security software and
hardware only when they approach an annual compliance check,
according to Verizon.
The report, which gathered data in 30 countries by assessing
more than 5,000 merchants including retailers, financial
institutions and hospitality firms among others, found only 20
percent of those tested to be fully compliant less than a year
after installing security safeguards.
From 2013 to 2014, overall compliance went up by 18 percentage
points for 11 out of the 12 payment data security standards.
The report acknowledged the standards are only a baseline, an
industry-wide minimal acceptable standard. The volume and scale
of breaches in the past 12 months have shown that this is not
stopping attackers, Verizon said.
However, out of all the data breaches in the past 10 years that
Verizon studied, not a single company was found to be compliant
at the time of the breach.
Credit and debit cards account for two-thirds of purchases by
value in the United States. A further $2.17 trillion is spent
via electronic methods, such as PayPal and mobile payments —
many of which are ultimately backed by card transactions, the
report said.
(Reporting by Nandita Bose; Editing by Jim Finkle and Ken Wills)
[© 2015 Thomson Reuters. All rights reserved.]