August 31, 2017 (updated 01 Sep 2017 4:49pm)

Cyber-attacks made easy as nearly half of companies fail payment security

Research found just under half of companies failed to comply with payment card regulations, due to poor cyber-security.

By April Slattery

Almost half of companies around the world failed to comply with payment security regulations, risking their future ability to take card payments.

According to Verizon’s Payment Security Report, 45% of all companies assessed didn’t comply with the payment card industry rules, failing to scan their systems for vulnerabilities often enough and sometimes even not encrypting data.

Although the share of global companies complying with payment security regulations has increased to 55.4%, from 48.4% in 2015, Verizon’s report found that 45% of businesses continue to take card payments even though they fail to comply with payment security regulations, including department stores, hotels, restaurants and practices.


Failure to comply with regulations could mean companies face termination of card payments.

None of the organisations Verizon looked at regarding payment card data were reported to be fully compliant.

Globally, 61.3% of IT service organisations achieved full compliance validation, followed by 59.1% of financial services organisations. Retailers were named as being the worst among the industries for failing full compliance.

According to Verizon, most compliance failings are not the result of a lack of security features; ineffective security controls are instead to blame.

Verizon’s Security Report outlined the different compliance rules businesses must follow. The Payment Card Industry Data Security Standard (PCI DSS) requires businesses taking card payments to protect cardholder data from breaches and theft by securing their payment systems.


The report looked at 12 key requirements businesses must comply with, including storage of cardholder data, firewall use, protecting data in transit, protection against malicious software, and developing and maintaining secure systems.


“There is a clear link between PCI DSS compliance and an organization’s ability to defend itself against cyberattacks,” comments Rodolphe Simonetti, global managing director for security consulting, Verizon. “Whilst it is good to see PCI compliance increasing, the fact remains that over 40 percent of the global organizations we assessed – large and small – are still not meeting PCI DSS compliance standards. Of those that pass validation, nearly half fall out of compliance within a year — and many much sooner.”

The report comes at a key time, with the General Data Protection Regulation (GDPR) imminent. Under GDPR, companies could face fines of up to £17m or 4% of annual revenues for not protecting data.

Companies failing to comply with the payment card regulations not only risk incurring fines, but also risk being stopped from accepting payments altogether.
