CHICAGO (Reuters) - Four out of five global retailers and other merchants failed interim tests to determine whether they are in compliance with payment card data security standards, putting them at increased risk of cyberattacks, according to a new report by Verizon Communications Inc.
Businesses must be vigilant in maintaining security to remain compliant with the Payment Card Industry Data Security Standard (PCI DSS), required by payment card issuers. Most of the companies have a tendency to run upgrades of security software and hardware only when they approach an annual compliance check, according to Verizon.
The report, which gathered data in 30 countries by assessing more than 5,000 merchants including retailers, financial institutions and hospitality firms among others, found only 20 percent of those tested to be fully compliant less than a year after installing security safeguards.
From 2013-2014, overall compliance went up by 18 percentage points for 11 out of the 12 payment data security standards.
The report acknowledged the standards are only a baseline, an industry-wide minimal acceptable standard. The volume and scale of breaches in the past 12 months have shown that this is not stopping attackers, Verizon said.
However, out of all the data breaches in the past 10 years that Verizon studied, not a single company was found to be compliant at the time of the breach.
Credit and debit cards account for two-thirds of purchases by value in the United States. A further $2.17 trillion is spent via electronic methods, such as PayPal and mobile payments — many of which are ultimately backed by card transactions, the report said.
Reporting by Nandita Bose; Editing by Jim Finkle and Ken Wills