The Long Road to PCI Compliance

There are always plenty of businesses that have to be dragged kicking and screaming to the compliance killing floor. So it’s no surprise to read a survey by The Logic Group that suggests that only ten percent of organisations are fully compliant with the mandatory PCI security standard.

Closer analysis of the figures, however, shows that retailers are well on their way to compliance. According to the survey, awareness levels are up to 100% from 85% last year and 45% the previous year. And eight out of ten merchants have assessed the impact of the PCI standard on their business. It’s clearly a slow process and understandably so, as PCI DSS is a highly prescriptive and potentially expensive standard to meet. I could never envisage any streetwise retailer diving in and implementing all those measures without a careful scrutiny of the financial and operational impact and a good look sideways at what everyone else is doing.

Compliance is not an overnight activity. It requires a gap analysis, impact assessment, business case and a rectification programme. You can’t conjure new budgets and the necessary resources out of thin air. According to the Logic Group survey, three quarters of companies are committed to achieving PCI compliance over the next 18 months. And of these, more than 40% are already in the remediation stage.

There are always laggards, so it’s not surprising that 6% admitted to not having yet started the journey. What will happen to them? That’s the really interesting question. It will be interesting to see what fines and sanctions will be applied.