NEW YORK CITY—While data breaches continue to get widespread media coverage, a new report indicates that theft of payment card data and other personal information is occurring in multiple industries in all international markets.
Verizon’s fourth annual PCI Compliance Report notes that while compliance with the Payment Card Industry Data Security Standard has been a focus of companies for nearly two years in the U.S., maintaining compliance with the standard is an increasing challenge for global industries, with companies and financial institutions in many parts of the world lagging the United States.
The study points out that the media coverage in the U.S. of the data breaches gives the impression American companies are victimized more often than companies in other countries, when the reality is that many countries lack the breach notification laws of the U.S.
In the new Verizon report, data from clients in 95 countries is included, though the majority of data is from U.S. organizations. The report cites data from the firm BI Intelligence that found financial losses related to card fraud doubled from $7 billion in 2009 to $14 billion in 2013,.
Breached companies were typically not complying with 10 out of 12 PCI-DSS requirements at the times of their breaches in late 2013 and 2014, the Verizon report states, noting, "This certainly suggests a strong correlation between not being PCI-DSS compliant and being more susceptible to a data breach involving payment card information.”