Did you know that over half of IT professionals don’t know where all their payment data is stored or located?
What’s even scarier is that in 99% of cybercriminal attacks in the retail sector, systems were compromised within hours, and in an astonishing 98% of cases the data was then exfiltrated in days or less.
It’s hard not to feel the lead balloon landing on our heads when you consider that in 79% of those cases, weeks or more passed before the retail organisations even realised they had been breached.
It’s a scary and sad fact of life we all have to deal with – cybercriminals want your payment card data (and they’ll do just about anything to get it).
Considering that over 707 million records containing personally identifiable information (PII), online credentials and card data were compromised online in one year alone, and that 54% of surveyed IT professionals admit to data breaches involving payment data within their organisations an average of four times in two years, the threat to us all is painfully real.
Protecting payment card data from cybercriminals is a full-time job
More so, actually, because a ‘full-time job’ implies you get some rest – really, this gig is 24×7, 365 days a year.
With a staggering 55% of IT professionals having no idea where all their payment data is stored, how long before their customers’ trust begins to waver? Can you really afford to carry on as you are?
Most would agree not: a sizable 80% of those surveyed concur that this kind of patchy knowledge is both unacceptable and extremely high risk.
But PCI compliance is tricky. It can get even seasoned CEOs and operations experts in a muddle.
Given that 89% of breaches have a financial motive, the only solution is…
Making PCI compliance “Business as Usual”
It isn’t easy, but it’s certainly necessary.
Less than half of global companies feel they have the security measures in place to effectively protect their payment data, and a skin-tingling 74% of IT professionals admit their companies are not fully PCI DSS compliant.
If you value your customers, it should be clear that you can’t be one of those statistics.
Even worse is being one of the 80% of companies who pass their annual compliance assessment and then fail the subsequent interim one – demonstrating a failure to sustain their new security measures and, again, more risk to the customer.
The ONLY solution is a continuous compliance mindset.
Cybercriminals won’t rest, and neither should you.
Proactively and continuously monitoring, maintaining and measuring your PCI compliance posture and effectiveness may sound full-on (and it is!), but it’s the only way to demonstrate that your approach to PCI compliance adheres to the strictest of standards.
It’s the only way to safeguard your customers’ data and respect the trust they place in your organisation.
Guess how many businesses with payment breaches investigated by Verizon were PCI DSS compliant at the time of their breach?