Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    PCI-DSS Compliance Declining, Verizon Reports

    By
    Sean Michael Kerner
    -
    September 26, 2018
    Share
    Facebook
    Twitter
    Linkedin
      Verizon Payment Security 2018

      For six years in a row, Verizon has reported a steady increase in compliance with the PCI-DSS security standard for payment security. Unfortunately, it’s a trend that has now changed course.

      On Sept. 25, Verizon released its 2018 Payment Security Report, revealing a drop in Payment Card Industry Data Security Standard (PCI-DSS) compliance. In the 2018 report, 52.5 percent of organizations were compliant with PCI-DSS, declining from 55.4 percent that was reported last year.

      “It’s not a good trend,” Ciske Van Oosten, senior manager of Global Intelligence at Verizon, told eWEEK. “We know that organizations that do not maintain PCI-DSS compliance, those are the ones that get breached.”  

      Verizon also compiles the annual Data Breach Investigation Report (DBIR) and has correlated the cross-section of organizations that have been breached with those that are required to be PCI-DSS compliant. According to Verizon, over the last 14 years there has not been a single confirmed data breach of an organization that was fully PCI-DSS compliant at the time of its data breach.

      The decline in PCI-DSS compliance for the first time since 2012 is something that Van Oosten said Verizon last year predicted would likely happen. PCI-DSS compliance has grown significantly overall since 2013, when Verizon reported that only 11.1 percent of organizations were able to demonstrate compliance sustainability.

      Control Gap

      PCI-DSS includes a complex set of requirements for organizations to implement different mitigating controls to minimize risk. Van Oosten said the 2018 report is all about control effectiveness because there are more than 400 test procedures in PCI-DSS. 

      Compliance varies based on geography, with organizations in the Asia-Pacific region reporting the highest level of full PCI-DSS compliance at 77.8 percent. European organizations had a PCI-DSS compliance rate of 46.4 percent, while organizations in the Americas had the poorest showing at 39.7 percent. There is also a variance in PCI-DSS based on industry sector. IT services came out on top with 77.8 percent of organizations having full PCI-DSS compliance. In contrast, retail organizations had a compliance rate of 56.3 percent, and hospitality was only 38.5 percent.

      Among the PCI-DSS control gaps highlighted by Van Oosten is Requirement 10.

      “Only 8.4 percent of organizations that have a confirmed payment card data breach had Requirement 10 in place, which is a requirement to track and monitor access in place at the time of the breach,” he said. “Resilience, that ability to stay on top of things to monitor, is really key.”

      The core message from Verizon’s 2018 Payment Security Report is that organizations need to have a framework and policies in place to sustain the life cycle and management of security controls.

      “The problem of data protection is not that it’s a knowledge problem. The knowledge is out there. It’s not a technology failure either,” Van Oosten said. “It’s not that organizations experience data breaches because technology fails; rather, it’s really about proficiency.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Avatar
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×