VPN Articles and News

Report Says 80% Of Global Merchants Failed Card Data Compliance Tests

Sunday, July 26th, 2015

If you use your Credit or Debit card to make purchases at your favorite retail stores then this piece of news may shock you! According to a new report published by Verizon Communications, as many as 80 percent of global merchants and retailers do not have sufficient safeguards in place to protect Credit/Debit card information. The report is based on the results of this year’s edition of PCI compliance survey which assesses and validates data security measures deployed by merchants and service providers.

The 2015 edition of PCI compliance assessed over 5,000 retailers, merchants, financial institutions and hospitality firms from more than 30 countries. Among the organizations that were surveyed, compliance with Payment Card Industry Data Security Standard (PCI DSS) rose from 80 percent to 88.9 percent and the overall compliance increased by 18 percentage points in 11 out of 12 payment data security requirements. PCI DSS serves as a baseline standard which evaluates data security protocols along twelve different parameters including security configuration, maintenance of firewall and anti-virus programs, protection of stored data and data in transit, monitoring, testing and logging of security systems; having well-defined security policies in place as well as authenticating and restricting access to the data.

While the increase in compliance figures sounds like a good news, in reality most of the survey participants failed to sustain PCI compliance over longer periods of time. As per the report, only a handful of companies (28.6 percent to be precise) were PCI compliant less than a year after they cleared their annual inspection. This clearly shows that while the merchants and financial institutions make efforts to clear the annual inspection, security of customer data is still not their top priority. Verizon also says that although most merchants remain PCI compliant on paper, it seems their compliance lasts for just two or three weeks.

Verizon’s report also shows the areas in which the PCI compliance has gone up and where it has fallen. As per the company, authentication measures used to control access to data showed the most improvement while compliance for testing systems went down a bit. However, the report stresses that since the PCI DSS standards represent the minimum number of steps that retailers must take in order to protect consumer data, the compliance itself does not guarantee that the data would remain safe.

The fact that four out of five merchants failed basic compliance checks is indeed a bad news for consumers from countries like United States where a majority of transactions happen through Credit or Debit cards. Verizon has also mentioned in its report that of all the data breaches that occurred within the last 10 years, not one company was found to be PCI compliant at the time of the attack. The company also says that going by the number of data breaches which occurred during the last one year, it can be safely said that the security techniques currently being used by the retailers and service providers are not sufficient to slow down or stop the attackers.

July 26, 2015

Leave a Reply

Your email address will not be published. Required fields are marked *

7 + 1 =