Understanding what PCI is and the importance of meeting these requirements should be at the top of every merchant’s priority list, as it could mean the difference between a secure or vulnerable data system.
PCI DSS, which stands for Payment Card Industry Data Security Standard, aims to strengthen business computer systems and protect consumer card data from hackers. Although merchants are supposed to comply with these standards, not all do.
Here are some recent statistics about PCI merchant compliance to help you understand its importance:
“In 2016, for the first time, more than half (55.4%) of organizations were fully PCI DSS compliant at interim validation—compared with 48.4% in 2015,” it states. “Full compliance has increased almost five-fold compared to our analysis of 2012 assessments.”
Nevertheless, this leaves about 45 percent of businesses failing to adhere to these standards, and the report highlights a possible correlation between those non-compliant and security breaches.
“Many of the security controls that were not in place cover fundamental security principles that have broad applicability,” it explains. “Their absence could be material to the likelihood of an organization suffering a data breach.
“Indeed, no organization affected by payment card data breaches was found to be in full compliance with the PCI DSS during a subsequent Verizon PCI forensic investigator (PFI) inquiry,” continues the report.
“Of all payment card data breaches Verizon investigated, no organization was fully compliant at the time of breach, and showed lower compliance with 10 out of the 12 PCI DSS key requirements,” adds the PR Newswire article.
“When looking at the PCI controls that companies would be expected to have in place (such as security testing, penetration tests etc.), the report found an increased ‘control gap,’ meaning that many of these basics were absent,” it continues. “In 2015, companies failing their interim assessment had an average of 12.4 percent of controls absent; this has increased to 13 percent in 2016.”
So while the aforementioned figures regarding greater overall compliance show promise, there is still a long way to go within this industry. This is in line with how the majority of consumers feel about the security of their card information.
As reported in a September 2017 article by payments and commerce news source PYMNTS.com, a new survey, in which 3,000 adults participated, “found that 85 percent of adults across the United States, the United Kingdom and Australia believe fraud attempts on debit and credit cards are on the upswing.”
Furthermore, of these participants, more than half were “concerned about data security,” and 38 percent had reason to believe their personal card data had already been exploited by hackers.
The younger participants—ages 18 to 24—appeared to be the most skeptical about in-store data security, with the article suggesting this may have something to do with this group's technological savviness. However, they're also making most of their purchases online, which poses additional threats to their private information, especially considering that consumers cannot utilize their EMV cards via the internet.
Such statistics underscore why businesses must adhere to the PCI merchant compliance requirements. If consumers do not trust an organization—retail store, supermarket or hotel, for instance—and believe their card data could be stolen, they may not choose to shop there.
This could significantly impact a company’s bottom line, as well as its reputation as a secure, trustworthy business that cares about its customers.