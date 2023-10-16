The numerous new attack vectors being used by threat actors to obtain payment card data underscore the increasing necessity of compliance with the Payment Card Industry Data Security Standard (PCI DSS). According to the 2023 edition of Verizon’s Data Breach Investigations Report (DBIR), payment card data was compromised in 37% of breaches in 2022.

It is also a high-value target. In the hospitality industry, credit card data was the target of 41% of cyberattacks, according to the 2023 DBIR.

Not surprisingly, the retail industry was also highly targeted. Verizon’s researchers found that payment data comprised 37% of the data compromised in attacks. Notably, they also found another risk, as 18% of attacks on e-commerce companies involved malicious code embedded within credit card processing pages – an approach in which attackers remain undetected as they pilfer payment card data without impacting the site’s operation.

To avoid the reputational harm and lawsuits that accompany such breaches, businesses must embrace a comprehensive program to comply with PCI DSS v4.0 and remain compliant long-term, while continually strengthening their overall security stance.

But how can enterprises know if their payment card data security program is ready? And more specifically, what can CIOs, CISOs and other IT leaders do to make certain they are doing everything possible to prevent the loss of payment card data – an event that creates a worrisome inconvenience for customers and loss of trust among consumers?

Kris Philipsen, managing director of Cyber Security Consulting at Verizon, notes there is a lot to take into account, as PCI DSS v4.0 includes substantial updates and many new requirements.

“Fortunately, compliance is not simply window dressing or an added complexity in the already challenging task of safeguarding payment card data and digital payments. It is a highly effective defense that also contributes significantly to the design of an effective enterprise-wide security program.”

To know if their payment card data security program is ready, Philipsen stresses that IT leaders must first acknowledge the need for a comprehensive compliance program that contributes to an overall security program that is sustainable, adaptable and able to provide continuous maturity improvement.

That requires good leadership to avoid the most common reasons for PCI DSS compliance failures. They include:

“IT leaders need to approach PCI DSS v4.0 compliance as but one goal of their efforts, but not their end goal,” Philipsen adds. “You want to create a program that is compliant with PCI DSS v4.0 and that effectively and sustainably protects payment card data even as the threat landscape evolves.”

You can find more information on Verizon’s PCI DSS assessment here. Security and compliance teams can also download the 2023 Payment Security Report insights for information on advanced PCI security program management and design.