Retailers massively failing PCI DSS test, says SecurityScorecard

90.72% of the retail industry is not compliant with the PCI DSS standards, according to a new report from SecurityScorecard. 

The company analysed 1,444 domains in the retail industry with digital footprints of 100 or more IP addresses. “This year the retail industry’s security posture fell lower than in years past, both in application security and social engineering,” says Fouad Khalil, Head of Compliance at SecurityScorecard. 

“To remain competitive, retailers are adopting new payment and digital technologies, exposing them as prime targets for cybercriminals. Our report demonstrates the importance of understanding the full retail ecosystem and how the industry is faring when it comes to meeting standard compliance guidelines.”

Other key findings: Out of all of the industries monitored by SecurityScorecard, the retail sector scored second to last in terms of application security, a significant drop from 2017. The industry ranks last in security measures against social engineering vulnerabilities, a drop from seventh place in last year’s report.
