Only 1 in 4 Global Organizations Keep Cardholder Payment Data Secure

Rhea-AI Summary

Verizon Business has released its 2020 Payment Security Report, highlighting a significant decline in payment security compliance among global organizations. Only 27.9% maintained full compliance with the Payment Card Industry Data Security Standard (PCI DSS), marking a 27.5 percentage point drop since 2016. The report attributes this decline to a lack of long-term security strategies and executive commitment. It emphasizes the increasing vulnerabilities as businesses transition to electronic payments, revealing that 99% of retail security incidents target payment data.

Positive
  • Highlighting the need for long-term security strategies positions Verizon as a thought leader in payment security.
  • The report marks the 10th anniversary edition, showcasing Verizon's ongoing commitment to payment security.
Negative
  • Only 27.9% of organizations achieved full compliance with PCI DSS, indicating systemic weaknesses.
  • 27.5 percentage point drop in compliance over three years raises concerns about the effectiveness of existing security measures.
  • Small and medium-sized businesses struggle with payment data security due to limited resources, impacting compliance.

Verizon Business 2020 Payment Security Report (PSR) cites lack of long term security strategies by business leaders behind 3rd year decline in payment security compliance

Key findings include:

  • Only 27.9 percent of global organizations were able to maintain full compliance with the Payment Card Industry Data Security Standard (PCI DSS)
  • Staggering 27.5 percentage point drop in compliance since 2016 as reported in the 2017 PSR
  • Lack of long term strategies and leadership commitment cited as root cause
  • 10th anniversary edition of the Verizon Business Payment Security Report

BASKING RIDGE, N.J., Oct. 06, 2020 (GLOBE NEWSWIRE) -- Global organizations continue to put their customers’ cardholder data at risk due to a lack of long term payment security strategy and execution, flags the newly released Verizon Business 2020 Payment Security Report (2020 PSR). With many companies struggling to retain qualified CISOs or security managers, the lack of long-term security thinking is severely impacting sustained compliance within the Payment Card Industry Data Security Standard (PCI DSS).

Payment data remains one of the most sought-after and lucrative targets for cybercriminals, with 9 out of 10 data breaches being financially motivated, as highlighted by the recent Verizon Business 2020 Data Breach Investigations Report (2020 DBIR). Within the retail sector alone, 99 percent of security incidents analyzed by the 2020 DBIR were focused on acquiring payment data for criminal use.

The 2020 PSR found that on average only 27.9 percent of global organizations maintained full compliance with the PCI DSS, which was developed to help businesses that offer card payment facilities protect their payment systems from breaches and theft of cardholder data. More concerning, this is the third successive year that a decline in compliance has occurred with a 27.5 percentage point drop since compliance peaked in 2016 (as seen in the 2017 PSR).

“Unfortunately we see many businesses lacking the resources and commitment from senior business leaders to support long-term data security and compliance initiatives. This is unacceptable,” said Sampath Sowmyanarayan, President, Global Enterprise, Verizon Business. “The recent coronavirus pandemic has driven consumers away from the traditional use of cash to contactless methods of payment with payment cards as well as mobile devices. This has generated more electronic payment data and consumers trust businesses to safeguard their information. Payment security has to be seen as an on-going business priority by all companies that handle any payment data, they have a fundamental responsibility to their customers, suppliers and consumers.” 

Additional findings within the 2020 PSR shine a spotlight on security testing, where only a little more than half of the organizations (51.9 percent) successfully test security systems and processes, and on unmonitored system access, where approximately two-thirds of all businesses track and monitor access to business-critical systems adequately. In addition, only 7 out of 10 financial institutions (70.6 percent) maintain essential perimeter security controls.

“This report is a welcome wake-up call to organizations that strong leadership is required to address failures to adequately manage payment security. The Verizon Business report aligns well with Omdia’s view that the alignment of security strategy with organizational strategy is essential for organizations to maintain compliance, in this case with PCI DSS 3.2.1 to provide appropriate levels of payment security. It makes clear that long-term data security and compliance combines the responsibilities of a number of roles, including the Chief Information Security Officer, the Chief Risk Officer, and Chief Compliance Officer, which Omdia concurs with,” comments Maxine Holt, senior research director at Omdia (previously known as Ovum).

Lack of compliance impacts all businesses regardless of size
Small and medium-sized businesses (SMBs) were flagged as having their own unique struggles with securing payment data. While smaller businesses generally have less card data to process and store than larger businesses, they have fewer resources and smaller budgets for security, impacting the resources available to maintain compliance with PCI DSS. Often the measures needed to protect sensitive payment card data are perceived as too time-consuming and costly by these smaller organizations, but as the likelihood of a data breach for SMBs remains high, it is imperative that PCI DSS compliance is maintained.

The on-going CISO challenge
The report also explores the challenges CISOs face in designing, implementing and maintaining an effective and sustainable security strategy, and how these can ultimately contribute to the breakdown of compliance and data security management. These problems were not found to be technological in nature, but rather the result of organizational weaknesses, which could be resolved by more mature management skills, including creating formalized processes, building a business model for security, and defining a sound security strategy with operating models and frameworks.

About the Verizon Business 2020 Payment Security Report
Verizon has published the Payment Security Report (PSR) since 2010, the first-ever study on the actual value and performance of the Payment Card Industry Data Security Standard (PCI DSS). The report is based on global data gathered by PCI DSS qualified security assessors (QSAs) from Verizon and five other external contributors.

Verizon Communications Inc. (NYSE, Nasdaq: VZ) was formed on June 30, 2000 and is celebrating its 20th year as one of the world’s leading providers of technology, communications, information and entertainment products and services. Headquartered in New York City and with a presence around the world, Verizon generated revenues of $131.9 billion in 2019. The company offers data, video and voice services and solutions on its award winning networks and platforms, delivering on customers’ demand for mobility, reliable network connectivity, security and control.

VERIZON’S ONLINE MEDIA CENTER: News releases, stories, media contacts and other resources are available at https://www.verizon.com/about/media-center. News releases are also available through an RSS feed. To subscribe, visit www.verizon.com/about/rss-feeds/.

Media contacts:

Nil Pritam (APAC)
+65.6248.6599
nilesh.pritam@sg.verizon.com
Clare Ward (EMEA)
+44.118.905.3501
clare.ward@uk.verizon.com
Kyle Ragonese (US)
+1 732.236.3526
kyle.ragonese@verizon.com   

 

FAQ

What are the key findings from the Verizon Business 2020 Payment Security Report?

The report reveals that only 27.9% of organizations maintained full PCI DSS compliance, down 27.5 percentage points since 2016, due to lack of long-term security strategies.

How has payment security compliance changed according to the Verizon 2020 PSR?

There has been a third consecutive year of decline in payment security compliance, with a significant drop since compliance peaked in 2016.

What is the root cause of the decline in PCI DSS compliance as stated in the Verizon report?

The report cites a lack of long-term security strategies and commitment from business leaders as the main reasons for the decline.

What challenge do small and medium-sized businesses face regarding payment security?

SMBs often lack the resources and budget necessary to maintain PCI DSS compliance, despite being at high risk for data breaches.

How does the Verizon report relate to cybercrime targeting payment data?

The report emphasizes that 9 out of 10 data breaches are financially motivated, underscoring the importance of payment security.
