Verizon Payment Security Research Exposes Execution Issues

A. DeCarlo

Summary Bullets:

  • Verizon’s annual Payment Security Report captures a snapshot of organizations struggling to sustain successful controls and best practices over time.
  • The evidence shows that those who do are rewarded with a better-fortified defense against breaches.

Fifteen years after the payment card industry settled on a single data security standard with PCI DSS, there are indications that too many organizations’ security practices haven’t reached the level of maturity that would have been anticipated by this point. In Verizon’s annual survey of payment card industry security practices, only 37% of the 302 surveyed enterprises sustain full compliance with the 12 specifications outlined in PCI DSS consistently over time. Effectively, most organizations are focusing on meeting the basic requirements rather than developing consistent and effective security practices – not unlike a procrastinating student who is just looking to pass the test. Just 18% check whether they are meeting PCI DSS specifications more often than the standard mandates.