
Compliance can get confusing fast. Restaurants and retail establishments hear many voices talking about compliance, and most of the time the information provided is out of context, incomplete, or flat-out incorrect. While third-party supply chain security and monitoring is essential, the ultimate responsibility for compliance and data protection rests with your organization and its leaders. Unfortunately, most businesses are unaware that they remain responsible for their own compliance even where outside systems are involved.

Verizon’s Payment Security Report (PSR) highlights that the Retail, Financial, and Hospitality sectors have seen a consistent decline in PCI DSS compliance, with a 27.5 percentage point drop since 2016. This shows how difficult it’s been for businesses to keep baseline security controls in place.

The blame is placed on small budgets, lack of IT security talent, and other challenges and priorities within IT and Security. With all of these obstacles, businesses tend to go with quick fixes rather than implementing long-term solutions.

The PSR confirms what we all already know – financial gain is the primary motivator for cybercrime, accounting for 86% of breaches. For retail, threat actors see an even bigger opportunity, with 99% of incidents in retail being financially motivated, as payment data remains the most valuable commodity for criminals.

Since last year, restaurants and retail have been catapulted into a new way of doing business – using web applications in place of Point-of-Sale (POS) devices, which is the perfect entry point for breaching retail and restaurant businesses.

Our new business climate has driven threat actors to increase their targeting of mobile payments. According to the Verizon Mobile Security Index report, the number of organizations suffering a cybersecurity compromise involving a mobile device rose to 33% in 2019. The PSR also suggests integrating Managed Threat Detection tools that verify devices aren’t compromised before sensitive information is entered on them.

A model framework for security, PCI DSS integrates best practices forged from the experiences of security experts around the world. As a recap, PCI DSS goals are to:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Network Resiliency and Security
  • Maintain an Information Security Policy

How do you get started? Take Netsurion’s short quiz to help determine your level of PCI DSS compliance and which of the requirements to prioritize.

When it comes to security versus compliance, the PSR shows that they are not mutually exclusive: both are important to managing the risk to your merchant business. Cybersecurity is ever-evolving, and the best way to combat cyber criminals is to balance short-term and long-term focus and investment.

Managing PCI DSS compliance for retail and restaurants can be a headache. Netsurion helps you simplify compliance management and improve your brand’s security posture while letting you get back to business. Learn more about the financial consequences of non-compliance.

Verizon 2020 Payment Security Report.
Verizon 2020 Mobile Security Index.