In this week's Risk & Repeat podcast, SearchSecurity editors discuss new research from Verizon on payment card security and the effectiveness of PCI DSS compliance for enterprises.
The effectiveness of PCI DSS requirements has been debated for years, but a new report from Verizon suggests payment card security may be improved through compliance.
Verizon's "2017 Payment Security Report" highlights a number of trends around PCI DSS compliance and payment card security for retailers and merchants. For example, the report states that 55.4% of the companies Verizon assessed were fully compliant at interim validation for PCI DSS, which marked a significant increase from the previous year.
However, the report also showed that the companies that were not compliant were missing PCI DSS requirements by a wider margin in 2016 than in previous years.
In addition, Verizon noted that of the nearly 300 payment card security breaches it investigated from 2010 to 2016, not a single organization was fully PCI DSS compliant at the time of the breach. The report did not draw a correlation between compliance and data breach prevention, but the data point suggests PCI DSS compliance may have benefits for enterprises beyond being able to check boxes.
Does achieving -- and maintaining -- full PCI DSS compliance actually improve enterprises' payment card security? What's holding noncompliant organizations back from meeting the requirements? After the PCI DSS 3.2 update last year, how will these requirements evolve in the future? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.