After nearly two years of persuasion, only one UK
merchant in 10 currently complies with the credit card issuers' new
security standard PCI:DSS, according to a report from secure
transaction specialist The Logic Group.
The survey covered top UK retailers, financial services
institutions and other businesses that accept card payments. It
found only 11% of respondents are fully compliant with PCI:DSS.
However, merchants all know about it. Awareness is 100%, up from
85% last year and 45% two years ago. Eight out of 10 have assessed
the impact PCI:DSS will have on their businesses, up by 56% from
last year.
Despite these awareness levels, the survey shows that there has
been only a 9% increase in PCI compliance in the past 12 months. A
further 6% of respondents have either not started becoming PCI
compliant or are not even planning to. More than half (53%) of
those surveyed have received little or no support or information
from acquiring banks, card schemes, suppliers and consultants.
Mark McMurtrie, marketing director at The Logic Group, said,
"The critical next step for most businesses is to get board
approval for the necessary remediation work to be sanctioned."
Robin Adams, head of Logic Group's security consulting, said
most firms underestimate the time needed to become compliant. "The
first six months are needed mainly to assess and plan the project,
and it takes the following 12 months to bring the policies and
practices into compliance," he said.
The survey showed 69% of merchants still have six months or more
to become compliant, and 9% have no plans to implement the standard
in the near future.
Adams said the initial drive for compliance has concentrated on
payment processors and the largest retailers. But now the focus is
shifting to medium and smaller outlets.