The arms race between information security and hackers is increasingly favoring the cyber criminals, according to the latest Verizon 2015 PCI Compliance Report. The report states that only 20% of merchants met the minimum PCI compliance requirements. The PCI requirements are even being called insufficient as hackers move on to bigger and more lucrative information targets.
For more than a year now, headlines have been peppered with breaches of sensitive information databases. The Verizon 2014 Data Breach Investigation Report revealed that 9,700 companies had experienced data breaches numbering in the millions. The sheer number of breaches has been increasing at an alarming rate. Since 2009, the quantity of attacks has risen by 66%, according to the report. This rise in attacks, successful or not, indicates a larger problem for the payment processing industry as a whole.
Information security experts suggest that PCI compliance is just the baseline of security needs. The industry as a whole needs to meet the most basic requirements and then take it a step further. Only through industry-wide security awareness and effort can merchants protect their own sensitive information as well as that of their customers.
Hackers are no longer targeting just PCI information. In addition to the increasing frequency of cyber attacks, hackers now target personally identifiable information (PII), which can create serious problems for customers. PII includes names, birthdays, social security numbers, medical identification, e-mail addresses, street addresses, and even employee data. With this much information at their disposal, hackers can exploit any part of a person’s identity and convince anyone from the IRS to a merchant services provider that they are who they claim to be. This could easily expose your high-risk merchant account to predatory hackers.
While the payments industry is shifting to new security measures such as tokens, it is already playing catch-up, and merchants are vulnerable until new security is implemented. So long as hackers are one step ahead, it falls to merchants to guard their information until industry security requirements and compliance measures are sufficient to meet the contemporary onslaught of cyber attacks.