Compliance Remains Problematic
Verizon recently released its annual report on payment card security standards and the news is not good. For the second straight year, the Verizon Payment Card Industry Compliance Report revealed that many businesses that accept credit or debit cards -- or both -- are struggling to achieve and maintain compliance with PCI DSS. As a result, consumers remain vulnerable to credit-card fraud and identity theft -- especially unsettling news as shoppers begin to put holiday shopping plans in motion.
According to the report, derived from more than 100 PCI DSS assessments conducted by Verizon’s team of qualified security assessors and data gathered by Verizon’s Investigative Response group while investigating real-world payment card data breaches, businesses are failing to maintain compliance even though they face steep penalties, including fines and increased transaction fees from the credit card brands.
Among the key findings from the report: Only 21 percent of organizations were fully compliant during the initial audit. The report notes that the difficulty in achieving compliance, overconfidence, complacency and the need to focus on other compliance and security issues are among the possible reasons for the widespread PCI noncompliance.
Not surprisingly, lack of PCI compliance continues to be linked to data breaches. The report demonstrates that breached organizations are less likely to be PCI compliant and more likely to suffer from identity theft and fraud issues.
The report outlines a handful of recommendations intended to help businesses meet their PCI compliance goals. Chief among them: Treat compliance as an everyday, ongoing process. Compliance requires continuous adherence to the standard.
Verizon also recommends that retailers take a cautious approach to self-validating. Level 1 and 2 merchants -- who process the highest volumes of cardholder transactions -- are allowed to assess themselves against the standard. Still, Verizon recommends that an objective third party validate the scope of the assessment or perform the testing.
After studying the findings, Andrea Woroch, a nationally recognized consumer and money-saving expert for Kinoli Inc., created a list of tips for consumers. “The best way to protect your personal data is to not give it out at all, but that’s nearly impossible in today’s global marketplace,” admits Woroch. “You could live entirely off ‘the grid,’ or you can follow these tips for protecting this vital information.” The top five recommendations on her list:
Play it close to the vest. Provide businesses with limited data and on a need-to-know basis.
Block your IP address. When shopping or banking online, the business’s server can identify where you live and read other personal data through your Internet Protocol (IP) address. Hide this information.
Pay with cash. Ultimately, paying with cash is a frugal move anyway, as we’re less likely to part with those green bills than to simply whip out the plastic.
Use a credit card. Credit cards offer consumer protections you won’t find with debit cards.
Watch for multiple swipes. If a cashier is swiping your card more than once because “it didn’t register,” you may be charged twice or the cashier could be using the second swipe as a way to copy the data from the magnetic strip to create an identical card.