PCI-Compliant Stores a Minority 
Companies cite encryption, security-event logging, and data-in-transit issues as the most challenging compliance elements.

Posted: Dec 10, 2009

NEW YORK – A new survey revealed that less than 50 percent of businesses that process 20,000 or more credit or debit card purchase transactions a year are compliant with the Payment Card Industry Data Security Standards, American Banker reports.

Computerworld Inc., a Massachusetts provider of technology information, surveyed 123 businesses on behalf of nuBridges Inc., a company that provides data security products. Of the respondents, 57 percent reported that they had a PCI initiative in place, yet only 37 percent of those were PCI compliant. Twenty-eight percent of respondents said that they were planning a PCI strategy, while a remarkable 15 percent indicated that they had no plans to address PCI compliance.

Respondents said that the most difficult compliance component is encryption (cited by 41 percent of respondents), followed by security-event logging (40%) and data in transit (38%).

"Given all of the attention to credit card breaches, it is surprising that some companies continue to put off securing the information and/or don't intend to," said Gary Palgon, nuBridges' vice president of product management. "The higher percentages of compliance we often hear about really only covers the largest merchants, but rather when you look at the overall cross-section of companies accepting and/or storing card data, we still have a long way to go before card data is truly secure."

Of the survey respondents, 39% accept more than 6 million card transactions a year, 20% accept 1 million to 6 million, and 41% accept 20,000 to 1 million.

For more on PCI compliance, read the NACS Magazine PCI compliance articles “Bite the Bullet” and “Bite the Bullet Part 2,” featured in April and November 2009.

Also, visit the Resources section to learn more about PCI compliance and what NACS is doing.