67% of Companies Fail Credit Card Security Compliance
All merchants who accept credit cards are now subject to strict Payment Card Industry standards, rules, and regulations, which require a level of security that took about five years to finally implement.
PCI exists to increase credit card security and, among other goals, to stave off government intervention. While significant effort has been made to improve the security of credit card data processing, adequate attention has yet to be given to the identification, authentication, and accountability of cardholders.
For consumers, the primary concern is account takeover. Account takeover occurs when your existing bank or credit card accounts are infiltrated and your money is siphoned out. A hacked account or stolen credit card is often to blame.
InformationWeek reports that according to a new Ponemon Institute survey, “50% of security professionals view PCI as a burden, and 59% don’t think it helps them improve security. Furthermore, comparing this study with the inaugural one conducted in 2009, the number of respondents who said they had sufficient resources to comply with PCI dropped from 40% to 38%. Ponemon also found that the number of organizations that had experienced a data breach in the past two years increased from 79% in 2009 to 85% in 2011.”
Retailers who invest in device fingerprinting and device reputation make it much easier to identify bad guys during purchases, making those stolen credit card numbers way less valuable to thieves. By instantly evaluating a device’s history for criminal activity and assessing risk on new devices within a fraction of a second, retailers can stop fraudulent transactions before the order is accepted and product shipped.
Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston.