Just one in ten merchants PCI DSS compliant - survey

Source: The Logic Group

A survey conducted by secure transaction specialist, The Logic Group, revealed that only 11% of respondents are fully PCI DSS compliant. The survey included responses from leading UK retailers, financial services institutions and other businesses that accept card payments.

Although only a small number of merchants are compliant, it is clear that significant progress has been made over the past twelve months. Awareness levels have hit 100% up from 85% last year and 45% two years ago. Nearly all merchants have now assessed the impact PCI DSS will have on their business, with 81% of respondents having been assessed, up by 56% from last year.

Despite these awareness levels, the survey shows that there has been only a 9% increase in PCI compliance in the last 12 months. A further 6% of respondents have either not started the process of becoming PCI compliant or are not even planning to. This slow progress may partly be due to the perceived lack of information and support given to those businesses seeking to become compliant. Accordingly, 53% of those surveyed have received little or no support or information from acquiring banks, card schemes, suppliers and consultants.

"The merchant community has come a long way over the past twelve months," said Mark McMurtrie, Marketing Director at The Logic Group. "However a lot more needs to be done as only a small number of businesses are compliant today, so security breaches and criminal attacks remain a very real possibility. What is particularly encouraging is that all the merchants are now aware of what needs to be done. The critical next step for most businesses is to get board approval for the necessary remediation work to be sanctioned. It is clear from the results that there is a need for further improved communication and support from the industry to accelerate take up and compliance."

The survey also underlines the size and scale of the project to become PCI compliant. It is estimated that the first 6 months are primarily focused on assessment and project planning, with the following 12 months focused on remediation and compliance. The results reflect this assessment, as 69% of those surveyed still have 6 months or more to become PCI compliant. A significant minority, 9%, have no plans to implement the standard in the near future.

Top line survey findings include:
  • 100% of respondents are aware of the standard, a significant improvement given only 45% knew about PCI two years ago.
  • 81% of surveyed companies have already assessed the impact PCI compliance will have on their businesses, up from only 52% last year.
  • 73% of companies surveyed have committed to achieving PCI compliance over the next 18 months.
  • Of these 73%, 42% are at the remediation phase, up from just 18% last year.
  • 6% of respondents haven't even started the journey to achieving compliance.
  • 53% of merchants rated the support they have received as being insufficient.
