Article

Back

2017 Payment Security Report

Revealing the challenges in sustaining payment card security

by Ciske van Oosten | Verizon RISK Team | 11/07/2017

In 2016, for the first time, more than half (55.4%) of organizations were fully PCI DSS (see below) compliant at interim validation—compared with 48.4% in 2015. Full compliance has increased almost five-fold compared to our analysis of 2012 assessments.

Despite this general improvement, the control gap of companies failing their interim assessment has actually grown worse. In 2015, companies failing their interim assessment had an average of 12.4% of controls not in place (6.8% across all companies). In 2016, this increased to 13.0% (5.8%).

Many of the security controls that were not in place cover fundamental security principles that have broad applicability. Their absence could be material to the likelihood of an organization suffering a data breach. Indeed, no organization affected by payment card data breaches was found to be in full compliance with the PCI DSS during a subsequent Verizon PCI forensic investigator (PFI) inquiry.

This report delves into the detail of payment security and PCI DSS compliance and analyzes compliance patterns and control failures from global, regional, and industry perspectives. It’s the only major industry publication based on data from real compliance validation assessments.

The inclusion of insights from our Data Breach Investigations Report (DBIR) specific to companies that have suffered from payment card data breaches makes this report a unique resource for compliance professionals.

To read more, please log in

Junto Plus

A Q&A with Scott Diamond of Chicago Crypto Network, LLC

Blockchain is an emerging technology with the potential to greatly reduce cyber risk and ensure data integrity. To find out more about how it works and why organizations can benefit from rethinking their business processes, I talked to Scott Diamond of Chicago Crypto Network.

01/08/18 | Junto Plus

HHS Breach Data

Number Reported: 1928

Latest Incident
Capital Nephrology
State:
MD
# of Records:
4000
Type of Breach:
Hacking/IT Incident