Just 27 per cent of global businesses are complying with the PCI DSS.
New figures from US telco Verizon paint a bleak picture of the security surrounding customer card data. According to the company’s 2020 Payment Security Report, a little more than a quarter of companies worldwide are fully compliant with the exacting Payment Card Industry Data Security Standard (PCI DSS).
PCI DSS sets out a baseline of security requirements for every organisation that stores, processes or transmits payment card data, so that card transactions are carried out safely and cardholder data remains protected throughout.
The standard is designed to benefit merchants of all sizes, as well as financial institutions, point-of-sale vendors, and hardware and software developers.
The PCI Security Standards Council, which maintains, promotes and evolves the standard, was founded in 2006 by American Express, Discover Global Network, JCB International, MasterCard and Visa Inc. Compliance also gives customers peace of mind that their details are kept safe when purchasing.
But Verizon’s report shows that the vast majority of businesses are failing to meet these standards. Only 27 per cent of organisations worldwide were in line with the full set of PCI DSS requirements for handling payment card data.
This is particularly alarming in an age where – thanks largely to the COVID-19 pandemic – card payments and online shopping are more popular and more necessary than ever before. These figures highlight the need for IT support experts when it comes to ensuring PCI DSS compliance.
“This is unacceptable”
Sampath Sowmyanarayan, president, Global Enterprise, Verizon Business, gave his reaction to the findings, pointing to both a lack of resources within businesses and a lack of commitment from their senior leadership.
“Unfortunately, we see many businesses lacking the resources and commitment from senior business leaders to support long-term data security and compliance initiatives. This is unacceptable.
“Payment security has to be seen as an ongoing business priority by all companies that handle any payment data; they have a fundamental responsibility to their customers, suppliers and consumers.”
These results reflect a significant drop in the number of businesses achieving compliance. Verizon reports that full PCI DSS compliance has fallen by 27 percentage points since 2016: its 2017 report, covering assessments carried out in 2016, found that 55 per cent of organisations were passing the “interim assessment” stage of PCI DSS compliance.
Verizon also reports that just 70 per cent of financial institutions “maintain essential security perimeter controls.” US organisations were the least likely to comply with the PCI DSS requirements, according to the report.
Just 20 per cent, or one in five, of the US businesses examined by Verizon met the standard in full. The Asia-Pacific region showed the highest level of compliance at 70 per cent.
Europe as a whole sat in the middle of the results, with around half of all organisations complying with the PCI standard.
“Too much technical speak”
These statistics show that there is still plenty of work for businesses to do, but many business owners see PCI DSS compliance as an impossible task.
Speaking anonymously to global technology news publication The Register, one UK-based small business owner expressed their frustration about meeting the standard.
“The questions are so convoluted and confusing, and you can only put ‘Yes’, ‘No’ or ‘Not sure’ answers, which doesn’t always fit.”
This particular business owner denounced the compliance process for having “too much technical speak and legalese.” They say that, ultimately, they “have no idea what the majority of it means despite doing my best to understand it all.”
PCI DSS touches the lives of millions of people all over the world. Any confusion surrounding the requirements for compliance only serves to further highlight the importance of IT support experts who can promptly and effectively guide businesses through the process.