Merchants are still failing to understand the requirements of PCI DSS credit card data protection or the consequences of failing to be compliant with the rules.
The largest merchants had to meet a raft of PCI requirements by the end of last September, before the data protection standard is rolled out to smaller retailers, but three months down the road there continue to be problems.
James Walker, head of sales at Blackfoot UK, said that there was still confusion in the retail community about not just how to become compliant but what the consequences would be if they failed to get in line with the rules.
"A lot of merchants don't actually take the time to understand how do we tackle this to get compliant and then what they do once they have achieved compliance, so a lack of strategic planning is the biggest mistake," he said.
"The majority of merchants have really been focusing over the last couple of years on attaining compliance but unfortunately compliance is a state that you must be at all times rather than a one-off incident or a certificate. So maintaining compliance is quite challenging," he added. "Maintaining compliance is something that has been underestimated by merchants."
Ross Brewer, vice president and managing director APAC & EMEA at LogRhythm, said the payment card industry, banks and credit card providers understood PCI but there were still areas of the market that hadn't grasped it.
"Where there needs to be more education is at the C level, executive management level, because IT infrastructure and security isn't in their daily thought processes," he said.
From a channel perspective, resellers that sell security without having made PCI a speciality have to do more to learn about the requirements in order to aid customers.
"I truly believe more needs to be done in educating channel partners in understanding PCI compliance. The level of knowledge and experience sits with [specialists] but your average IT security reseller account manager probably needs a better understanding of how they can help customers comply with PCI," said Alex Teh, director of Vigil Software.