

SecurityScorecard releases new research report finding over 90 percent of retailers missing PCI compliance mark

Security Ratings Leader Assesses Retail Industry Vulnerabilities and Points of Exposure 

SecurityScorecard, the leader in security ratings, today announced the release of the company’s newest annual research, The 2018 SecurityScorecard Retail Cybersecurity Report. SecurityScorecard analysed 1,444 domains in the retail industry with digital footprints of 100 or more IP addresses.

The report compares the average SecurityScorecard grade of the retail industry to other vertical markets, highlights the top retail domains and includes unique retail domain information, such as percentages of malware infection discovered, reported breach data, and compliance analysis.

“This year the retail industry’s security posture fell lower than in years past, both in application security and social engineering,” said Fouad Khalil, head of compliance at SecurityScorecard. “To remain competitive, retailers are adopting new payment and digital technologies, exposing them as prime targets for cybercriminals. This report demonstrates the importance of understanding the full retail ecosystem and how the industry is faring when it comes to meeting standard compliance guidelines.”

Key Findings:

  • PCI Non-Compliance: Over 90 percent of the retail domains analysed indicated non-compliance with PCI DSS standards.
  • Retail Industry Neglects Application Security: Of all the industries monitored by SecurityScorecard, the retail sector scored second to last in application security – a significant drop from 2017.
  • Social Engineering on the Rise: The retail industry ranks last in security measures against social engineering vulnerabilities, a drop from seventh place in last year’s report.
  • Point-in-Time Compliance Does Not Cut It: Periodic scans for issues and vulnerabilities are not as effective against attacks as real-time monitoring.

“As organisations assess their compliance with PCI DSS, they must be able to detect, remediate and recover from any threats or vulnerabilities adding risk to unauthorised access to CDE,” continued Khalil.

SecurityScorecard continually monitors more than 200,000 businesses across the world and rates them on an easy-to-understand A-F scale. Companies with a C, D, or F rating are 5.4 times more likely to be breached than companies with an A or B rating.

Get your Instant SecurityScorecard to discover how hackers, partners and customers see your organisation.
