Are companies putting your credit card data at risk?
Companies’ compliance with specified consumer card payment protection standards is slipping across the globe for the first time in six years, a new Verizon report showed.
Verizon’s 2018 Payment Security Report showed “a concerning downtrend” in company compliance with the Payment Card Industry Data Security Standard, which was created to help businesses that accept card transactions secure their payment systems from breaches and consumer data theft. In 2017, Verizon found that only 52.4 percent of businesses fully met the standard, down from 55.4 in 2016.
“Consumers and suppliers alike trust brands to secure their payment data, so we must act now to remedy this state of affairs,” Rodolphe Simonetti, global managing director for security consulting at Verizon, said in a press release.
In the Americas, just shy of 40 percent of companies were complying with the standard, compared with 46 percent in Europe and nearly 78 percent in the Asia-Pacific region. Verizon attributed those regional differences to the timing of compliance rollout strategies and the maturity of IT systems.
In terms of industries, IT service firms had the highest level of compliance, while hospitality organizations had the lowest.
Verizon acknowledged that full compliance with the standard was not “an end goal for security,” saying instead it was “a measurement for an organization’s continued success in protecting data.” The standard was created by card brands.
Meanwhile, cybersecurity is becoming an increasing threat to consumers, businesses and government. According to IBM Security and the Ponemon Institute, the average cost of a data breach globally is $3.86 million. So-called “megabreaches,” or those where 1 million to 50 million records are lost, can cost companies up to $350 million.
A massive data breach at credit reporting agency Equifax last year compromised the personal information of more than 147 million consumers. More than 80 percent of consumers said they have been more diligent about protecting their data in the wake of that cyberattack.