Internet Retailing


57% of retailers are failing to comply with PCI DSS requirements



New research conducted by Redshift Research on behalf of IT security and compliance automation provider Tripwire has found that 89% of companies are not currently audited and certified as PCI DSS compliant.

The survey, which sampled the views of 100 retail, financial services and hospitality businesses, also found that 35% of respondents still do not fully understand PCI compliance requirements and nearly a third of respondents do not know if they will be compliant by the September 2010 deadline.

Although the majority of respondents say they are confident about achieving PCI compliance, the survey found that 32% are currently responding to weaknesses that were identified in their PCI DSS pre-audit; 27% of companies will put off becoming PCI compliant for as long as possible; 14% have completed a PCI DSS pre-audit but have not undertaken any further action; and 14% are not compliant and are not in the process of becoming so. In addition, 39% of respondents believe that credit card security should be the problem of the credit card companies.

Smaller businesses are lagging behind larger organisations in terms of PCI readiness. 56% of Level 4 merchants and 36% of Level 3 merchants do not fully understand PCI requirements. In contrast, only 14% of Level 2 merchants do not fully understand the requirements, while all Level 1 merchants said that they fully understand the requirements.

When asked whether they were confident about meeting the September 2010 deadline, 21% of Level 3 merchants said they would not be compliant in time and a further 25% of Level 3 merchants did not know if they would be compliant in time. 7% of Level 4 merchants said they would not be compliant, and a further 31% said they did not know if they would be compliant. Only 11% of Level 2 merchants were unsure about achieving compliance, while all Level 1 merchants were confident about meeting the deadline.

Comparing the results by industry sector, 57% of retailers admitted that they still do not fully understand PCI requirements, compared to 27% of finance companies and 27% of leisure companies. 20% of finance companies said they would not be compliant by the September 2010 deadline, and a further 20% of finance respondents did not know if they would meet the deadline. Furthermore, 25% of retailers did not know if they would be compliant, while only 9% of leisure companies were unsure about hitting the deadline.

"The research demonstrates that there is now a growing awareness of the importance of PCI DSS standards, however with only a small minority of companies currently certified as compliant many organisations are facing an uphill battle to meet the September 2010 deadline," says Tripwire's Rob Warmack. "In particular, Level 3 and 4 merchants lag Level 1 and 2 merchants in terms of PCI readiness, suggesting that many smaller businesses have to date perceived PCI standards to be the preserve of larger organisations."

© InternetRetailing Media
