Retail payment security “very bad”, risking massive fines under new legislation

Retail has been highlighted as the worst industry in terms of securing its payment systems from hacking threats, with nearly half of all companies failing to meet industry requirements.

According to a new study from Verizon, 45 per cent of all companies leave their payment systems vulnerable to cyber-attacks, failing to scan systems for vulnerabilities and not encrypting their data.

This puts them at risk of not being able to receive card payments as they fall out of compliance with the Payment Card Industry (PCI) rules.

The results come ahead of the introduction of the General Data Protection Regulation, new legislation on data protection which can impose fines of up to four per cent of revenues.

“Retail is very bad at testing and very poor at encrypting data, securing transmitted data and authentication,” Verizon global intelligence manager Ciske Van Oosten said.

He added that retailers need to scan their systems for vulnerabilities whenever new hardware or software is installed.

Three to nine months after a PCI check, many companies were found to have made changes which meant they failed to comply.

Furthermore, not one company which meets the guidelines has fallen victim to cyberattacks.
