Verizon PSR 2020: payments, security and compliance

The tenth edition of Verizon Business' Payment Security Report sheds light on a phenomenon that sees companies facing a critical period in terms of compliance with the requirements of payment security standards. This is despite the involvement of figures such as CISO (Chief Information Security Officer) and qualified managers.

Verizon Business Payment Security Report 2020

For the third consecutive year there is a trend that may be summarized as a weakening of compliance mainly due to the lack of long-term strategies on the part of business leaders. This is how Sampath Sowmyanarayan, President of Global Enterprise of Verizon Business, comments on the results of the study referring to the recent increase in the use of contactless payments.

Unfortunately, we see that many companies lack the resources and commitment from the executives to support long-term compliance and data security initiatives. This is unacceptable. The recent coronavirus pandemic has moved consumers away from the use of cash by pushing them towards contactless payment methods with cards and mobile devices. This has resulted in a greater volume of electronic payment data, and consumers trust companies to safeguard their information.

Our 2020 Payment Security Report is here. Learn valuable insights about the threats to payment data for your business.

- Verizon Business (@VerizonBusiness) October 6, 2020



Looking at the data collected, only 27.9% of the organizations called into question say they were able to maintain full compliance with the Payment Card Industry Data Security Standard (PCI DSS): a sharp decline, even by 27.5% if compared with that of 2016. Again, only 51.9% test their systems and processes. About a third do not track or monitor access to critical business systems adequately and 29.4% do not maintain essential perimeter security controls in place. Sowmyanarayan continues.

Payment security must be seen as a constant corporate priority by all organizations that manage payment data, as they have a fundamental responsibility towards their customers, suppliers and consumers.

This is a gap to be filled as soon as possible, also in light of what emerged from the recent Data Breach Investigations Report 2020 published in May by Verizon Business. According to the study, cybercriminals are increasingly focusing on actions that target payment data, considered to be among the most coveted and profitable targets: 90% of violations are for economic purposes. Suffice it to think that in the retail sector alone, 99% of the analyzed incidents aimed at their acquisition for fraudulent uses. While they generally have less payment data to process and store than larger companies, they have less resources and budget to invest in this front. Often the necessary measures are perceived by them as too expensive in terms of time and money, although essential.

A challenge also for those who hold the position of CISO, engaged in the design, implementation and maintenance of an effective and sustainable strategy. The problems to be taken into account are of different nature: technological, organizational and economic. You can consult the full version of the report by following the link at the end of the article.

Source: Verizon Business