Credit card security report gives many merchants failing grades

By , CardRatings contributor

Despite the risk of severe penalties from credit card transaction networks, only 21 percent of merchants passed a payment security audit conducted by experts from Verizon. The communications company uses both voice and data lines to move data from retailers to bank servers, so it regularly measures how well its clients comply with industry-standard security measures.

The latest version of the Verizon Payment Card Industry Compliance Report suggests that most retailers can do much more to prevent credit card numbers from falling into the hands of fraudsters and identity thieves.

Grading criteria

Verizon's report graded organizations on each of the 12 requirements that make up the Payment Card Industry Data Security Standard (PCI DSS). Researchers found that merchants faced the toughest challenges with:

  • protecting stored cardholder expiration dates
  • tracking and monitoring access to saved credit card data
  • regularly testing systems and processes
  • maintaining security policies

Verizon's researchers found that many merchants felt overconfident about their policies and procedures, often ignoring threats with the highest risk. Small companies often assume their size makes them less likely targets for identity thieves. However, two-thirds of corporate data attacks occurred at businesses with fewer than 100 employees. In Visa's annual report, officials stated that 95 percent of credit card breaches against its cardholders happen at small businesses.

How merchants can enhance security

Credit card industry analysts at Business Owners Liability Team, a corporate insurance provider, corroborated many of Verizon's findings. For example, BOLT researchers report that merchants can significantly enhance their security by:

  • requiring secure passwords
  • installing Internet firewalls to detect intrusions
  • storing credit card data on fixed servers instead of on laptops
  • training employees not to respond to social engineering attempts
  • restricting employee access to customer information

BOLT and Verizon both note that companies rarely have the internal expertise to fully detect potential threats. Independent security audits based on the PCI DSS can help owners and managers guarantee the security of customer credit card details, preventing costly chargebacks and lawsuits.
