This article originally appeared at The WHIR
Online retailers are struggling with an increased number of security breaches. According to the 2015 PCI Compliance Report released by Verizon in March, 80 percent of businesses fail their interim PCI compliance assessment.
The study examined PCI DSS assessment data focusing on the Americas, Europe and APAC with industries including financial services, retail and hospitality.
With the volume of security incidents up an average of 66 percent a year since 2009, it’s important for online retailers to be aware of the significant challenges they are facing.
Mobile ecommerce is also growing very quickly but is not currently subject to the same PCI standards as traditional ecommerce. Canadians experienced a growth rate in mobile ecommerce of about 11 percent, while China’s Alipay reported growth of over 30 percent.
“Mobile solutions may collect, store and use payment data in different ways and different locations,” Verizon’s report said. “And although payment applications developed for use on customer mobile devices are not currently subject to PCI PA-DSS requirements, they still need to comply with the secure application development controls in PCI DSS.”
According to the report, “[w]ith more than two-thirds of all purchases made with payment cards and $20 trillion in credit card transactions expected for 2015, security has become a top priority for organizations that accept credit cards.”
This increase in security breaches is evidenced by several high profile cases within the last year. Large retailers Home Depot, Kmart and Dairy Queen all experienced hacks exposing sensitive customer credit card information.
“Another troubling trend from this year’s report is that data security is still inadequate,” said Rodolphe Simonetti, managing director, professional services for Verizon Enterprise Solutions. “The volume and scale of data breaches in the past 12 months is proof that current security techniques are not stopping attackers — in many cases they aren’t even slowing them down. PCI DSS compliance must be viewed as part of a comprehensive information security and risk-management strategy.”
Even after initially being validated as PCI DSS compliant, only 29 percent of companies remain compliant less than a year later. However, almost twice as many companies were validated as compliant in 2014 compared to 2013.
“The three key areas where organizations fall out of compliance are: regularly testing security systems, maintaining secure systems and protecting stored data,” said Simonetti. “Of all the data breaches studied, Verizon’s findings clearly show that not a single company was fully PCI DSS-compliant at the time of the breach.”
The latest version of the PCI DSS and PA-DSS requirements became effective on January 1, 2015.