Verizon's 2019 Payment Security Report shows drop in PCI DSS compliance

News & Insights

13 Nov 2019

Eckoh says achieving and maintaining compliance can be simpler

Verizon Payment Security 900

Eckoh (AIM: ECK), the global provider of Secure Payment products and Customer Contact solutions, comments on the recently released Verizon Payment Security Report 2019, which highlights the disappointing drop in compliance to the Payment Card Industry Data Security Standard (PCI DSS) for the second year in a row. Compliance now stands at just 36.7% worldwide.

"The report highlights that only 20.4% of US organizations were fully compliant at the interim assessment stage. It is worrying to see that there are a growing number of organizations that are still exposing their business and their customer data to risk of fraud and the impact of a data breach", comments Keith Ward, Technical Director at Eckoh.

Eckoh, having recently celebrated their tenth year of consecutive compliance to PCI DSS at the highest level, have also been encouraging contact centers to rethink their PCI DSS strategy because there is often a false sense of security that using multiple 'solutions' to achieve compliance, is simpler and cheaper. The truth is in fact the opposite, as manual interventions are simply not reliable enough and agents can still see and hear card details. Interrupting calls to transfer customers to an automated IVR or a clean room is a far from perfect customer experience and these solutions often have disappointing success rates.

"With CallGuard, contact centers can easily achieve and maintain PCI DSS compliance because the patented solution prevents sensitive data from entering the IT environment in the first place by effectively putting a shield around the contact center." Continues Ward, "Simply put, if the data isn't there it can't be stolen. Having no data also removes the contact center from the scope of PCI DSS making it simpler to achieve - and maintain - compliance, every minute of every day."

With Card-Not-Present fraud set to reach $7.2billion by 2020 [1] and the findings of this report, it is timely that the PCI SSC will shortly issue the fourth version of the DSS which will involve major changes to the standard. At the same time, Eckoh urges organizations to address both security and compliance to ensure they can minimize the ever-growing risks around customer data.

For more information please contact

[1] Iovation and Aite Group