Cardholder data is a prime target for cyber criminals, and that is only likely to increase in the coming year, according to a cloud-based secure payments firm.
In the retail sector, almost all of the data breaches involve some kind of compromise to cardholder data, which is a trend that is expected to increase.
Despite investment in security and compliance, 2018 shows no signs of high-profile hacks slowing down, with most security suppliers predicting the ransomware attacks that dominated 2017 will continue, driven by an increase in the providers of ransomware as a service (RaaS).
This cyber criminal business model is expected to increase the potential for even non-technical attackers to target poorly secured organisations and consumers, which means businesses will need to step up their cyber defences more than ever before.
However, this rising threat can be mitigated with the introduction of controls required to secure this data under the Payment Card Industry Data Security Standard (PCI DSS), according to secure payments firm PCI Pal.
Breached organisations demonstrated lower compliance with 10 out of the 12 PCI DSS key requirements, according to the Verizon 2017 payment security report. In August 2017, Gabriel Leperlier, head of continental Europe advisory services GRC/PCI at Verizon, told Computer Weekly that while compliance does not guarantee an organisation will not be breached, the data shows that failure to comply almost certainly means they will be breached.
“Businesses may not be able to reduce the number of incoming threats but, by ensuring PCI DSS compliance, they can certainly reduce the success rate,” said James Barham, chief commercial officer at PCI Pal.
To date, he said, the vast majority of security investment has focused firmly on keeping cyber criminals out, but that only works to a certain extent. “Because there is much greater impetus for the hackers to devise new methodologies to gain access and the security industry at large is only ever playing catch up, but we expect 2018 to see a step change in the mentality of data protection from trying to keep people out, to simply ensuring there is no data for them to take,” he said.