Survey reveals alarmingly low levels of compliance for PCI DSS
Only 3% Merchants Ready

Fleet - 27 September 2006

A survey conducted by secure transaction specialist The Logic Group revealed that only 3% of respondents are fully PCI DSS compliant despite a looming 30th June 2007 deadline. The survey included responses from over one hundred of the largest high street retailers, financial services institutions and leading businesses who accept card payments, and compared the results with the previous year’s figures. Merchants that are not fully compliant with this new worldwide data security standard risk losing cardholder data, leading to substantial brand damage, loss of customers, fines or even being barred from accepting card payments.

Although very few merchants are compliant, significant progress has been made over the past twelve months. Awareness levels have nearly doubled to 85% and 52% have now assessed the impact PCI DSS will have on their business, up from 27% last year.

The survey highlighted that 71% of those surveyed expect to be compliant within 18 months, with the next 6 months primarily focused on assessment and project planning and the following 12 months focused on remediation and compliance. A significant minority, 16%, have no plans to implement the standard in the near future.

Businesses have recognised the time, money and effort required to achieve compliance, with a startling 78% believing that PCI DSS compliance is as demanding as, or more demanding than, the challenges they faced when implementing Chip & PIN.

“The merchant community has come a long way over the past twelve months and begun to put the necessary steps in place to achieve PCI compliance,” said Mark McMurtrie, Marketing Director at the Logic Group. “However a lot more needs to be done as only a few businesses are compliant today, so security breaches and criminal attacks remain a very real possibility. What is particularly encouraging is that the majority of merchants now know what needs to be done. The critical next step for most businesses is to get board approval for the necessary work to be sanctioned. It is clear from the results that there is a need for improved communication and support from the industry to accelerate take up and compliance.”

Top line survey findings include:

- 85% of respondents are aware of the standard, a significant improvement given only 45% knew about PCI when the last Logic Group survey was conducted 12 months ago
- 52% of surveyed companies have already assessed the impact PCI compliance will have on their businesses
- 60% of companies surveyed are currently at the PCI assessment phase
- 20% of respondents haven’t even started the journey to achieving compliance
- 68% of merchants rated the support they have received as being insufficient
- 71% of respondents have committed to achieving PCI compliance over the next 18 months

“Although the progress is encouraging, the clock is ticking,” added Mark McMurtrie. “Every organisation that handles and stores cardholder data, including high street retailers, online e-tailers, businesses with telephone contact centres, payment processors, right through to banks and the card schemes themselves, must be PCI compliant or face the consequences. With our unrivalled experience in transaction processing and security consultancy, we can help businesses achieve compliance whilst minimising the impact and cost.”
