The survey of 100 retail, financial services and hospitality businesses, conducted by Redshift Research shows that only 11% of companies are currently audited and certified as compliant.

In addition, 35% of respondents still do not fully understand PCI compliance requirements, and nearly a third do not know if they will be compliant by the September 2010 deadline.

The research survey reveals that 32% of companies are currently responding to weaknesses that were identified in their PCI DSS pre-audit, 27% will put off becoming compliant for as long as possible, 14% have completed a pre-audit but not undertaken any further action and 14% are not compliant and are not in the process of becoming so.

In addition, 39% of respondents believe that credit card security should be the problem of the credit card companies. Meanwhile, only a quarter have a dedicated PCI DSS Project Manager with 78% saying that issue falls within the remit of IT security.

Smaller businesses are lagging behind larger companies in terms of PCI readiness, with all Level 1 merchants saying they understand the issue, compared to just 44% of Level 4 firms.

Comparing the results by industry sector, 57% of retailers admit that they still do not fully understand PCI requirements, compared to 27% of finance companies and 27% of leisure firms.

A fifth of finance companies say they will not be compliant by the September 2010 deadline, and a further 20% do not know if they will meet it.

Guy Washer, MD, Redshift Research, says: "The results suggest that many companies could actually be taking a 'blind faith' approach to PCI compliance. Despite the fact that most companies remain confident of meeting the PCI deadline, only a small minority are currently audited and certified as compliant, and there is still confusion over PCI standards."