Verizon security report flags risks in card transactions

The newly released Verizon Business 2020 Payment Security Report suggests global organizations are putting their customers’ cardholder data at risk due to a lack of long-term payment security strategy and execution. 

With many companies struggling to retain qualified chief information security officers or security managers, the lack of long-term security thinking is severely impacting sustained compliance with the Payment Card Industry Data Security Standard (PCI DSS), according to the report.
 
Payment data remains one of the most sought-after and lucrative targets for cybercriminals, with nine out of 10 data breaches being financially motivated, as highlighted by the recent Verizon Business 2020 Data Breach Investigations Report (DBIR). Within the retail sector alone, 99 percent of security incidents analyzed by the 2020 DBIR were focused on acquiring payment data for criminal use.
 
The 2020 PSR found that on average only 27.9 percent of global organizations maintained full compliance with the PCI DSS, which was developed to help businesses that offer card payment facilities protect their payment systems from breaches and theft of cardholder data. More concerning, this is the third successive year that a decline in compliance has occurred, with a 27.5 percentage point drop since compliance peaked in 2016 (as seen in the 2017 PSR).
 
“Unfortunately we see many businesses lacking the resources and commitment from senior business leaders to support long-term data security and compliance initiatives. This is unacceptable,” said Sampath Sowmyanarayan, president, global enterprise, Verizon Business. “The recent coronavirus pandemic has driven consumers away from the traditional use of cash to contactless methods of payment with payment cards as well as mobile devices. This has generated more electronic payment data and consumers trust businesses to safeguard their information. Payment security has to be seen as an ongoing business priority by all companies that handle any payment data; they have a fundamental responsibility to their customers, suppliers and consumers.” 

Security Testing

Additional findings within the 2020 PSR shine a spotlight on security testing: only a little more than half of the organizations (51.9 percent) successfully test security systems and processes as well as unmonitored system access, and approximately two-thirds of all businesses adequately track and monitor access to business-critical systems. In addition, only seven out of 10 financial institutions (70.6 percent) maintain essential perimeter security controls.

Lack of Compliance

Small and medium-sized businesses were flagged as having their own struggles with securing payment data. While smaller businesses generally have less card data to process and store than larger businesses, they have fewer resources and smaller budgets for security, impacting the resources available to maintain compliance with PCI DSS. Often the measures needed to protect sensitive payment card data are perceived as too time-consuming and costly by these smaller organizations, but as the likelihood of a data breach for SMBs remains high, it is imperative that PCI DSS compliance is maintained.

The CISO Challenge

The report also explores the challenges chief information security officers face in designing, implementing and maintaining an effective and sustainable security strategy, and how these can ultimately contribute to the breakdown of compliance and data security management. These problems were not found to be technological in nature, but rather the result of organizational weaknesses that could be resolved by more mature management skills, including creating formalized processes, building a business model for security and defining a sound security strategy with operating models and frameworks.
