Although the payment card industry combined its data protection programs into a single data security standard (PCI DSS) back in 2004, most organizations still haven’t achieved full compliance with it, according to Verizon’s 2019 Payment Security Report.
The data security standard contains a dozen broad requirements that organizations develop a secure network and systems, implement control measures, monitor, and so on. Just 36.7 percent of organizations are fully compliant with the standard and keep the necessary security controls in place, a figure down from a high of 55.4 percent in 2016, according to Verizon. Indeed, Verizon concludes, too many organizations are relying on a check-the-box routine without improving their ability to maintain compliance.
