A little more than a quarter of companies worldwide are fully compliant with the exacting PCI DSS online payment security standard, according to US telco Verizon.
The company's 2020 Payment Security Report found that only 27 per cent of organisations worldwide were in line with the full ambit of the PCI DSS (Payment Card Industry Data Security Standard) for handling payment card data in online purchases.
"Unfortunately we see many businesses lacking the resources and commitment from senior business leaders to support long-term data security and compliance initiatives. This is unacceptable," said Sampath Sowmyanarayan, president, Global Enterprise, Verizon Business. "Payment security has to be seen as an ongoing business priority by all companies that handle any payment data, they have a fundamental responsibility to their customers, suppliers and consumers."
Compounding that, Verizon also said that PCI DSS compliance has fallen by 27 percentage points since 2016, with 2017's report seeing 55 per cent of orgs passing the "interim assessment" stage.
A UK-based small business owner offered to shed a little light on the report's main finding for The Register anonymously, lest he trigger the wrath of his payment provider. He said: "The questions are so convoluted and confusing, and you can only put 'Yes', 'No' or 'Not sure' answers... which doesn't always fit. I fecking hate having to do it... too much technical speak and legalese and I have no idea what the majority of it means despite doing my best to understand it all."
More worryingly, Verizon reckoned that just 70 per cent of financial institutions "maintain essential security perimeter controls".
US outfits were the least likely to comply with PCI DSS, with just 20 per cent of orgs examined by Verizon making the grade. APAC, meanwhile, saw compliance rates of 70 per cent with Europe sitting in the middle at around half of organisations complying with the standard.
Hospitality was the industry least likely to be compliant across the world, with a quarter of businesses in that sector meeting full compliance standards. Financial services led the way: 40 per cent of institutions in that sector met the rules in full.
Some things don't change. More than a decade ago, a survey carried out by the Ponemon Institute found that companies were struggling even back in the 2000s with PCI DSS. The standard was first devised in 2005. ®