Sign up to our newsletter
Around 80 percent of global merchants including retailers, financial institutions and hospitality firms have failed interim tests that show they are not in compliance with card data security standards, reports Reuters.
A new Verizon report released this week assessed more than 5,000 merchants in 30 countries, finding only 20 percent were compliant with the Payment Card Industry Data Security Standard (PCI DSS), a framework set by card issuers such as MasterCard and Visa. Verizon said that most companies are in the habit of upgrading their security software and hardware as they approach an annual compliance check, but don’t remain vigilant throughout the year.
The PCI DSS is considered to be the minimum requirement for data security, with retailers facing a growing threat from cybercriminals in recent years. The recent massive data breaches at Target and Home Depot, for instance, both came from hackers exploiting the flaws in credit card security.
According to The Hill, the PCI DSS has three basic components; analysis of IT systems for vulnerabilities; patching of weaknesses and deletion of unnecessarily stored data; and the submitting of compliance records to banks and card companies.
Overall compliance with the standard went up by 18 percentage points between 2013 and 2014, according to CNBC, but of all the data breaches in the past 10 years not one of the victims was found to be compliant at the time of the attack.
More than a year after the Target data breach brought new awareness to the dangers of cybercrime, ESET’s senior security researcher Stephen Cobb reviewed the lessons we’ve learned, and provided seven ways companies and consumers can make 2015 a safer year.
Author Kyle Ellison, ESET