New BDO cybersecurity report finds retail industry noncompliant with global payment card data securi

According to BDO, a case in point is that, on the 15th anniversary of the Payment Card Industry’s (PCI) Data Security Standard (DSS), many retailers are still not PCI-compliant. Created in 2004, the standard aimed to increase security controls around credit card information and fraud incidents.

Among industries worldwide, retail ranks lowest on supply chain security, correct firewall usage, protection against malicious software, the development and maintenance of secure systems, access authentication and the testing of security systems and processes.

BDO points out that, while credit card numbers are considered a highly lucrative reward of a successful cyber-attack because financial information can be re-sold quickly on the black market, consumers are affected in other ways than just by the misuse of financial information, including:

  • Increasing prices of products or services
  • The compromise of personally identifiable information and identity theft
  • Theft or loss of products once purchased
  • The loss of value of stock or other investments made in the retail industry

More companies are facing major lawsuits from their own shareholders, consumer protection groups and federal and/or state government agencies for negligence in failing to provide an adequate information security programme for their organisation. This results in significant financial losses and negative impacts on brand and reputation.

