A Verizon report highlights that more organizations are compliant with PCI DSS, but companies still struggle with security controls.
Enterprises are complying with the Payment Card Industry Data Security Standard (PCI DSS) more, but the number of organizations in compliance is still low enough to leave the door open for cyberattacks, according to Verizon.
First, the good news. According to the Verizon 2017 Payment Security Report, 55.4 percent of organizations complied with PCI when validated in 2016, up from 48.4 percent in 2015. However, maintaining compliance is an issue, said Verizon.
And there are still 44.6 percent of organizations such as retailers, restaurants and hotels not up to PCI standards. PCI DSS standards are there to allow businesses to take card payments and protect systems from cardholder data breaches. The requirements include items such as firewalls, data in transit controls, encryption and authentication.
That lack of compliance is notable because of all of the payment card data breaches investigated by Verizon no organizations were fully compliant at the time of the breach. Simply put, PCI DSS compliance is directly linked to data breaches.
Also: Ransomware incidents surge, education a hot bed for data breaches, according to Verizon
Meanwhile, of the companies that pass validation almost half of them fall out of PCI DSS compliance within a year.
Key items from the Verizon payment security report:
Verizon added that enterprises need to consolidate security controls for easier management, develop expertise and their people, maintain internal controls and interlink them and automate.
