Although very few merchants are compliant, significant progress has been made over the past twelve months. Awareness levels have nearly doubled to 85% and 52% have now assessed the impact PCI DSS will have on their business, up from 27% last year.
The survey highlighted that 71% of those surveyed expect to be compliant within 18 months, with the next 6 months primarily focused on assessment and project planning and the following 12 months focused on remediation and compliance. A significant minority, 16%, have no plans to implement the standard in the near future.
Businesses have recognised the time, money and effort required to achieve compliance, with a startling 78% believing that PCI DSS compliance is as demanding as, or more demanding than, the challenges they faced when implementing Chip & PIN.
"The merchant community has come a long way over the past twelve months and begun to put the necessary steps in place to achieve PCI compliance," said Mark McMurtrie, Marketing Director at the Logic Group. "However, a lot more needs to be done as only a few businesses are compliant today, so security breaches and criminal attacks remain a very real possibility. What is particularly encouraging is that the majority of merchants now know what needs to be done. The critical next step for most businesses is to get board approval for the necessary work to be sanctioned. It is clear from the results that there is a need for improved communication and support from the industry to accelerate take up and compliance."
Top line survey findings include:
. 85% of respondents are aware of the standard, a significant improvement given only 45% knew about PCI when the last Logic Group survey was conducted 12 months ago
. 52% of surveyed companies have already assessed the impact PCI compliance will have on their businesses
. 60% of companies surveyed are currently at the PCI assessment phase
. 20% of respondents haven't even started the journey to achieving compliance
. 68% of merchants rated the support they have received as being insufficient.
. 71% of respondents have committed to achieving PCI compliance over the next 18 months.
"Although the progress is encouraging, the clock is ticking," added Mark McMurtrie. "Every organisation that handles and stores cardholder data, including high street retailers, online e-tailers, businesses with telephone contact centres, payment processors, right through to banks and the card schemes themselves, must be PCI compliant or face the consequences. With our unrivalled experience in transaction processing and security consultancy, we can help businesses achieve compliance whilst minimising the impact and cost."