The PCI DSS was established in 2004, with the PCI SSC following 2 years later. Since then, nearly everyone has become aware of the PCI standards and understands the need for compliance: what it is and why they should be doing it.
For everything that the PCI DSS has achieved, it is not without its detractors.
Our Director and Founder, Benjamin Hosack, says, “There is a lot more compromise activity going on than people realise. In Europe, e-commerce businesses are the ones that get hit most. In the US, it is mainly the card-present environment. In the Middle East and Africa, it is a mix of the two.”
On top of this, the payments world is accelerating - no longer does cardholder authentication mean simply a PIN.
How can the security of a landscape where new technologies come along every day realistically be risk assessed?
This article discusses how far we've come in the payment security world and, importantly, how far we still have to go.
“Criminals have become more aware of the opportunities for stealing data across the board. That is probably the biggest challenge we see today,” explains Jeremy King, International Director, PCI SSC.
Benjamin Hosack, director at security firm Foregenix, has also noted a change in data breach trends. “In the early days of PCI DSS, the data compromises were more manual — they did not use much automation or malware. Over the last 7-10 years, the attacks are getting to be really quite sophisticated with advanced malware in retail, hospitality and e-commerce environments.”
“There is a lot more compromise activity going on. In Europe, e-commerce businesses are the ones that get hit most. In the US, it is mainly the card-present environment. In the Middle East and Africa, it is a mix of the two,” says Hosack.