Verizon’s 2019 Payment Security Report shows drop in PCI DSS compliance

Eckoh (AIM: ECK), the global provider of Secure Payment products and Customer Contact solutions, comments on the recently released Verizon Payment Security Report 2019, which highlights the disappointing drop in compliance with the Payment Card Industry Data Security Standard (PCI DSS) for the second year in a row. Compliance now stands at just 36.7% worldwide.

“While the report highlights that Europe is in a stronger position when it comes to compliance – achieving 48% compared to the US at 20.4% – it is still worrying to see that organisations are finding it difficult to maintain compliance and therefore risk exposing sensitive customer data and incurring fines in the event of a data breach,” comments Keith Ward, Technical Director at Eckoh.

Eckoh, having recently celebrated their tenth year of consecutive compliance with PCI DSS at the highest level, have also been encouraging contact centres to rethink their PCI DSS strategy, because there is often a false sense of security that using multiple ‘solutions’ to achieve compliance is simpler and cheaper. The truth is in fact the opposite, as manual interventions are simply not reliable enough and agents can still see and hear card details. Interrupting calls to transfer customers to an automated IVR or a clean room is far from a perfect customer experience, and these solutions often have disappointing success rates.

“With CallGuard, contact centres can easily achieve and maintain PCI DSS compliance because the patented solution prevents sensitive data from entering the IT environment in the first place by effectively putting a shield around the contact centre,” continues Ward. “Simply put, if the data isn’t there it can’t be stolen. Having no data also removes the contact centre from the scope of PCI DSS, making it simpler to achieve – and maintain – compliance, every minute of every day.”

Given the findings of this report, and with Card-Not-Present fraud set to reach £680m in the UK by 2021, it is timely that the PCI SSC will shortly issue the fourth version of the DSS, which will involve major changes to the standard. At the same time, Eckoh urges organisations to address both security and compliance to ensure they can minimise the ever-growing risks around customer data.