Verizon has revealed a drop in payment security compliance for the first time in six years, making businesses more vulnerable to cyber crime.
PCI DSS compliance helps protect payment systems from breaches and theft of cardholder data.
The 2018 Payment Security Report (PSR) found that 52.5% of organisations were fully compliant with the security standards last year, compared to 55.4% in 2016.
Verizon said that this downward trend in payment security compliance indicates the need for ongoing compliance maintenance and measurement.
The report highlights regional differences, with businesses in the Asia-Pacific region being more likely (77.8%) to achieve full compliance, followed by those in Europe (46.4%) and the Americas (39.7%).
According to the company, these differences can be due to timing of geographical compliance roll-out strategies, maturity of IT systems or cultural appreciation of awards/recognition.
IT services was found to be the most compliant business sector at 77.8%, while retail was 56.3% compliant and financial services stood at 47.9%. The hospitality sector demonstrated the lowest compliance sustainability (38.5%).
Verizon global managing director for security consulting Rodolphe Simonetti said: “PCI Compliance standards are slipping across global businesses and this simply can’t continue. Consumers and suppliers alike trust brands to secure their payment data, so we must act now to remedy this state of affairs.
“We urge businesses to reassess their measurement methodologies for PCI control effectiveness, and to concentrate on managing the sustainability of their data protection.”
Verizon recommended nine factors of control effectiveness and sustainability for the 12 key PCI DSS standard requirements.
These factors are: control of environment, design, risk, robustness, life-cycle management and resilience; performance management; maturity measurement; and self-assessment.