Highest level of payment card breaches.

US solutions provider Verizon has launched a payment security report on data protection and compliance that found nearly one-quarter of all organisations globally had no defined compliance program, and that payment security compliance has declined for the second year in a row.

The Verizon 2019 Payment Security Report concentrated on performance visibility, control and maturity of Data Protection and Compliance Programs (DPCPs), with a specific focus on retail, financial and IT services, and hospitality. Retail’s overall compliance with PCI DSS, which helps businesses that offer card payment facilities protect their payment systems from breaches and theft of cardholder data, has tumbled to 36.4% in this year’s report, a decline from 56.3% last year.

As a trend, measured across six years, the retail sector had the highest level of global payment card breaches by industry (41.2%). Within the retail industry, it is mostly online retailers that experience compromises, which is reflected in the sector’s low compliance and security maturity.

Confirmed data breaches by industry, six-year trend (Verizon PFI global caseload 2010–2016)

“After witnessing a gradual increase in compliance from 2010 to 2016, we are now seeing a worrying downward trend,” Verizon managing director for security consulting, Rodolphe Simonetti said.

“An increasing number of organisations are unable to obtain and maintain the required compliance for PCI DSS, which has a direct impact on the security of their customers’ payment data,” he said.

“With the latest version of the PCI DSS standard 4.0 launching soon, businesses have an opportunity to turn this trend around by rethinking how they implement and structure their compliance programs.

“Our data shows that we have never investigated a payment card security data breach for a PCI DSS compliant organisation.”

Organisations in the Asia-Pacific (APAC) region showed a stronger ability to maintain full compliance: 69.6% maintained conformance to the security standard. However, fewer than one-quarter of all organisations in the Americas maintained full compliance, at 20.4%, which is 49.1% fewer than the APAC average.