Nearly Half of Companies are Failing Security Standards
A new report by Verizon has revealed that 45% of companies fail to secure payment systems against cyber-attacks and hacks by not complying with Payment Card Industry (PCI) rules.
The security assessments aim to test companies’ cyber-attack defences, focusing especially on online payment security because of the extremely sensitive data it handles. Verizon concluded that there is a direct link between organisations’ compliance and their ability to protect themselves and their databases against breaches.
“Retail is very bad at testing and very poor at encrypting data, securing transmitted data and authentication,” said Ciske Van Oosten, Global Intelligence Manager for Verizon PCI Security Practice. He also noted that not a single case of a breach in a PCI-compliant company has been recorded.
Despite improvement year after year, more than half of companies are not complying with payment security standards
The numbers come shortly after the cost of not complying with the European General Data Protection Regulation (GDPR) was revealed. Companies that do not protect users’ personal information properly can face fines of up to €20 million, or 4% of revenue.
There are further risks for non-compliant businesses, such as breaching contract clauses, incurring expensive fines or even losing the ability to accept card payments.
Payment Card Industry Data Security Standards, or PCI DSS, is a set of security standards for all organisations handling cardholder data. There are six main objectives to be reached in order to comply with the standards:
PCI Data Security Standards:
- Building and maintaining a secure network
- Protecting cardholder data
- Maintaining a vulnerability management program
- Implementing strong access control measures
- Monitoring and testing networks regularly
- Maintaining an information security policy
It is important to remind merchants that the GDPR applies to companies in any sector – not only payment providers – which handle personal information of European citizens.
Retailers and businesses are advised to train their teams and, whenever possible, appoint a data protection officer responsible for testing systems frequently and maintaining compliance standards.
PCI checks are carried out once a year, and the Verizon report showed that as little as three months after the annual check, some companies had made changes to their systems that caused them to fall out of compliance. It is crucial for merchants to understand that sensitive data must be protected at all times, not only at assessment time.
Secure Trading is a fully certified PCI DSS level 1 payment provider and guarantees PCI compliance across all payment gateway services. Secure Trading can also offer your business guidance on meeting security standards.