Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/25/2018
01:20 PM
50%
50%

Payment Security Compliance Takes a Turn for the Worse

This is the first time in six years that Verizon's "Payment Security Report" shows a downward trend, leaving cardholders vulnerable.

Businesses are failing to stay up-to-date with the Payment Card Industry Data Security Standard (PCI DSS), data shows, with the number of fully compliant organizations falling for the first time in six years.

Verizon today released its "2018 Payment Security Report," which shows only 52.4 percent of organizations were fully compliant with PCI DSS in 2017 compared with 55.4 percent in 2016. PCI DSS has been shown to protect payment systems from breaches and data theft; now, businesses are failing to maintain PCI DSS compliance and leaving cardholders vulnerable.

Compliance varies by geography and business sector, as well as the timing of geographical compliance rollout strategies and maturity of IT systems, researchers report. The goal of their report is not to convince IT and security leaders of the need for PCI compliance, but to emphasize the need to regularly measure performance and control effectiveness.

Consider the industries evaluated in this year's study: Of all companies investigated around the world, those in IT services had the highest levels of compliance (77.8%), followed by retail (56.3%), financial services (47.9%), and hospitality (38.5%).

The gaps between how different industries handle electronic payments is significant, Verizon says.

"We urge businesses to reassess their measurement methodologies for PCI control effectiveness, and to concentrate on managing the sustainability of their data protection," stated Rodolphe Simonetti, Verizon's global managing director for security consulting.

Read more details in the report here.

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2018 | 3:05:59 PM
IT 78%?
IT services had the highest levels of compliance (77.8%), Even IT is not enough in my view, this number should be way beyond 90% as they are supposed to know the trouble well enough.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2018 | 3:03:58 PM
Re: financial services (47.9%)
So that fact that over 50% of them are failing to take best security practices towards compliance is a bit disheartening. As long as they protect themselves with an insurance they would not bother I would say.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2018 | 3:02:55 PM
Re: financial services (47.9%)
These are the institutions that we trust to take care of our hard earned money. Yet they are the one not protecting it. The punishment may not be enough in my view.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2018 | 3:01:35 PM
Re: financial services (47.9%)
However, what is alarming is how financial services is sitting below 50% for compliance. Yes that does not make sense at all. It should be cat higher than that.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2018 | 3:00:31 PM
Worse?
I do not understand it could be worse first time in last six years, it was already worse, we keep hearing breached of credit cards.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/26/2018 | 9:59:15 AM
financial services (47.9%)
I am not surprised at the decline. The drop from 2016 to 2017 seems negligable. However, what is alarming is how financial services is sitting below 50% for compliance. These are the institutions that we trust to take care of our hard earned money. So that fact that over 50% of them are failing to take best security practices towards compliance is a bit disheartening.
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I told you we should worry abit more about vendor lock-in.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .