For Jack Ma, executive chairman of Alibaba Group Holdings, today is an extremely busy and lucrative day because the company he founded 15 years ...
92% of respondents said they would likely pass an audit if given today.
Retailers are making progress in complying with the Payment Card Industry Data Security Standard, but at a cost, according to a new survey sponsored by Cisco Systems Inc.
PCI is a set of technical and logistical standards that aim to protect cardholder transactions and the storage of payment data, and which are backed by the major payment card networks, with violations punished by fines. The survey found that 92% of respondents said that they were confident their existing network infrastructure would hold up to a PCI-compliance audit if given today—the same percentage as financial services respondents.
That’s a sign that significant progress has been made, says Fred Kost, Cisco’s director of security solutions marketing.
“Obviously retailers have to comply with PCI,” he says. “But it’s also clear that they’re recognizing benefits from doing so, such as protecting their brand and ensuring that customers trust them.”
It isn’t just that retailers are required to comply with PCI. They also believe that those standards bolster their businesses’ security, the survey found. 92% of respondents said that PCI compliance measures are necessary and nearly 80% said that their businesses were more secure than if PCI were not required.
Even so, compliance can be a costly burden. 16% of respondents said that their business has spent more than $1 million on PCI compliance in the past five years and nearly 30% have spent between $100,000 and $1 million. And those figures stand to rise as 70% said they anticipate their spending will increase this year.
The challenges of PCI compliance are not just budgetary or technical, says Kost. “There’s a human element as well,” he says. In fact, educating employees on the proper handling of cardholder data was the most mentioned difficulty, cited by 45% of respondents.
But because there are evolving PCI standards, retailers can’t rest, he says. “Progress has been made, but there is more work to be done.”