A new report from Verizon Communications Inc, the American multinational telecommunications conglomerate, has revealed that a little more than a quarter of companies worldwide are fully compliant with the Payment Card Industry Data Security Standard requirements for payment security.
Verizon’s 2020 Payment Security Report found that only 27 per cent of organisations worldwide were in line with the full requirements of the PCI DSS.
US outfits were the least likely to comply with PCI DSS, with just 20 per cent of businesses examined by Verizon making the grade. European organisations fair better with around half of organisations complying, whilst APAC saw compliance rates of 70%.
Hospitality was the industry least likely to be compliant across the world, with a quarter of businesses in that sector meeting full compliance standards. Financial services led the way: 40 per cent of institutions in that sector met the rules in full.
“This is unacceptable," said Sampath Sowmyanarayan, President, Global Enterprise, Verizon Business. “Unfortunately, we see many businesses lacking the resources and commitment from senior business leaders to support long-term data security and compliance initiatives. Payment security has to be seen as an ongoing business priority by all companies that handle any payment data, they have a fundamental responsibility to their customers, suppliers and consumers."
An anonymous UK based SME offered to shed some light on a potential cause, stating within the report "The questions are so convoluted and confusing, and you can only put 'Yes', 'No' or 'Not sure' answers... which doesn't always fit. I fecking hate having to do it... too much technical speak and legalese and I have no idea what the majority of it means despite doing my best to understand it all."
Steve Biggs, CTO of Gala Technology, who have won numerous PCI DSS
accolades for simplifying compliance for merchants, stated “This report should be a wake-up call for businesses who are not taking compliance seriously. In this current pandemic environment, more and more card payments are being processed and organisations have a responsibility to protect their customers sensitive data. Perhaps, the industry needs to work harder to ensure that merchants are aware of the requirements, talking to people with straight, simplified terminology.”
Gala Technology Commercial Director, Steven Jones concurred “I totally agree. This report suggests that technical jargon can really hinder compliance rates, which has concerningly continued to fall. The same report in 2017 showed 55 per cent of organisations passing the "interim assessment" stage, which highlights an alarming percentage drop. We need to be collectively better at not telling merchants to be compliant but supporting them to understand why and how they can do so.
For example, our multi-award-winning payment solution, SOTpay, is a cost-effective way of removing card data from the merchant’s environment, helping to secure CNP payments, whilst reducing cost and negating fraud related chargebacks. We need the support of the payments eco-system to reach their merchants, allowing organisations like us to help them comply and keep themselves and their clients data safe.”