Get Compliant, Stay Compliant – the Verizon Payment Security Report is Live

Last week, Verizon launched its 2017 Payment Security Report (PSR).  Similar to our Data Breach Investigations Report, the PSR analyzes data from actual assessments carried out by Verizon's team of Payment Card Industry Data Security Standard (PCI DSS) Qualified Security Assessors. The analysis covers Fortune 500 and large multinational firms in more than 30 countries around the world.

The report shows that there is a clear link between PCI DSS compliance, and an organization’s ability to defend itself against cyberattacks. Put simply, if you are not compliant, your payment systems are more likely to be breached. In fact, of ALL the payment card data breaches Verizon investigated, no organizations were found to be fully compliant at the time of breach, demonstrating lower compliance with 10 out of the 12 PCI DSS key requirements.

Cyberattacks continue to make headlines around the world, with organizations increasingly understanding the importance of protecting their customers’ personal information – and the impact on their reputation if they fail to do so. Indeed, Verizon’s own Data Breach Investigations Report outlined our latest take on the threat landscape earlier in the year. Today, we’re all used to handing over our card to make a purchase, or entering our information online – and we trust those organizations taking our money to look after our data. Exposing payment card information can seem like the biggest breach of customer trust of all. But if compliance with the PCI DSS standard can protect payment card information, why aren’t more organizations doing this?

The answer is: it’s difficult. It’s hard to get compliant, and even harder to keep compliant over time. The report shows that more than 40 percent of the organizations assessed by Verizon are still not meeting compliance standards – and of those that pass validation, nearly half fall out of compliance within a year.

But here’s where the Verizon team can help. Verizon is a highly respected security consultancy, and has carried out more than 15,000 PCI security assessments since 2009, including for Fortune 500 and large multinational organizations. We also regularly interact with the people who set PCI standards, so we know we can manage the compliance process efficiently. So we can help. We can help you get compliant, and stay compliant. You can find out more about our consulting services on our website.

The 2017 PSR basically proves that compliance is not just a tick in the box – it’s a real tool to help protect your organization, and your customers. I urge you to read it. I also urge you to act on its advice. Thank you.