Eighty Percent of Global Merchants Fall Short on Card Data Security Compliance

March 11, 2015

Four out of five global retailers and other merchants failed interim tests to determine whether they are in compliance with payment card data security standards, putting them at increased risk of cyberattacks, according to a report by Verizon Communications Inc.

Businesses must be vigilant in maintaining security to remain compliant with the Payment Card Industry Data Security Standard (PCI DSS), required by payment card issuers. Most of the companies have a tendency to run upgrades of security software and hardware only when they approach an annual compliance check, according to Reuters.

The report found only 20 percent of those tested to be fully compliant less than a year after installing security safeguards. From 2013-2014, overall compliance went up by 18 percentage points for 11 out of the 12 payment data security standards, said Reuters.

Credit and debit cards account for two-thirds of purchases by value in the United States. A further $2.17 trillion is spent via electronic methods, such as PayPal and mobile payments — many of which are ultimately backed by card transactions, the report said.

http://www.reuters.com/article/2015/03/11/us-cybersecurity-usa-idUSKBN0M70BD20150311

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.