Despite pressure mounting to comply with Payment Card Industry Data Security Standard (PCI DSS) requirements, online-only retailers are leaving their high street competitors behind in the race to meet the standard.
According to figures issued by Visa earlier this year, just nine per cent of the UK’s Level 1 retailers (those that handle more than six million transactions a year) have actually managed to achieve PCI DSS compliance.
Graham Boler, consultant at ECSC, said: “Most merchants are really now only coming to terms with the standard. While the larger retailers have embraced it pretty strongly, in the UK the next tier of high street retailers are only estimated to be about five per cent compliant.”
Neil Lathwood, IT director at UKFast, added, “By not investing in the standard, retailers are shooting themselves in the feet and putting themselves at a disadvantage to their competitors. They are also leaving themselves open to huge fines.”
In a move to encourage businesses to adopt the standard, Visa increased its fine for a data breach by a Level 4 merchant (processing fewer than 20,000 ecommerce transactions annually) from 2,500GBP to 10,000GBP last year. In the first half of 2009, 200,000GBP a month was also collected in fines.
However, it does appear that businesses are moving in the right direction even if they don’t have the standard, with the number of companies storing sensitive card authentication data dropping by 2.5 per cent in January this year.
Daniel Atherton, managing director of Athernet Solutions, said: “The benefits to retailers and online merchants are that it will weed out a lot of unscrupulous websites and put pressure on those that are ignorant and do not realise what levels of security they need.”