Wednesday, 13 November 2019 00:33

Payment security compliance in decline, says Verizon

By Peter Dinham

Payment security compliance has declined for the second year in a row, with organisations based in the Americas lagging behind worldwide counterparts, including the Asia Pacific region, according to a new report from US telco Verizon which reveals that only 1 in 3 companies globally make the grade on compliance and just 1 in 5 in the Americas.

Verizon says that when Visa Inc initially launched the PCI DSS in 2004, many assumed that organisations would achieve effective and sustainable compliance within five years.

Now, 15 years on, Verizon says the number of businesses achieving and maintaining compliance has dropped from 52.5 percent (2018 PSR) to a low of just 36.7 percent worldwide.

And geographically, organisations in the Asia-Pacific (APAC) region show a stronger ability to maintain full compliance at 69.6 percent, compared to 48 percent in Europe, Middle East and Africa (EMEA) and just 20.4 percent (1 in 5) in the Americas.

PCI DSS helps businesses that offer card payment facilities protect their payment systems from breaches and theft of cardholder data, as shown in the Verizon Data Breach Investigations Report series. And compliance is measured on an organisation’s ability to meet — and importantly, maintain — the standard.

“After witnessing a gradual increase in compliance from 2010 to 2016, we are now seeing a worrying downward trend and increasing geographical differences,” said Rodolphe Simonetti, global managing director for security consulting at Verizon.

“We see an increasing number of organisations unable to obtain and maintain the required compliance for PCI DSS, which has a direct impact on the security of their customers’ payment data.

“With the latest version of the PCI DSS standard 4.0 launching soon, businesses have an opportunity to turn this trend around by rethinking how they implement and structure their compliance programs.”

Verizon says data protection and compliance present daily challenges, and many organisations believe they can use a “one-size-fits-all” script to achieve effective and sustainable data protection; “however, in the real world, security is more complicated”.

“Many organisations spend a lot of time and money creating data protection compliance programs, but often these are ineffective — looking good on paper but not able to withstand the scrutiny of a professional security assessment,” said Simonetti.

“We still see Chief Information Security Officers focusing on how to maintain baseline control activities rather than looking at data protection competency and maturity. What is needed is a clear and easy-to-understand navigational guide to help them deliver measurable results and predictable outcomes.”

In previous Payment Security Reports, Verizon developed methodology to help organisations manage their Data Protection Compliance Programs (DPCPs), and the telco says these have now been combined to form the Verizon 9-5-4 Compliance Program Performance Framework — a guideline which helps develop and improve capability and process maturity.

The 9-5-4 Framework is designed to help organisations achieve repeatable, consistent and predictable outcomes by offering guidance on how to map, monitor and report the status of sustainability and effectiveness for each of the 9 Factors of Control Effectiveness and Sustainability — including control environment, control design, control risk, control robustness, control resilience, control lifecycle management, performance management, maturity measurement and self-assessment.

“This is across each of the essential 4 lines of assurance — individual accountability, risk management and compliance teams, internal audit, external audit and regulators — and is achieved by evaluating the 5 Constraints of Organisational Proficiency — capacity, capability, competence, commitment and communication,” notes Verizon.

The report also includes data from the Verizon Threat Research Advisory Center (VTRAC), which demonstrates that a compliance program without the proper controls to protect data has a more than 95 percent probability of not being sustainable and is more likely to be a potential target of a cyberattack.


“For years, we have discussed the close correlation between the lack of PCI DSS compliance and cyber breaches,” concludes Simonetti.

“In this year’s report, we included even more data from the Verizon VTRAC team, the authors of Verizon’s Data Breach Investigation series, to add more depth to this discussion. Our data shows that we have never investigated a payment card security data breach for a PCI DSS compliant organisation. Compliance works!”

Peter Dinham

Peter Dinham - retired in 2020. He is a veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).
