January 13, 2011, 9:41 AM

Retailers have made significant progress in PCI compliance, says a new survey

92% of respondents said they would likely pass an audit if given today.

Zak Stambor

Managing Editor

Retailers are making progress in complying with the Payment Card Industry Data Security Standard, but at a cost, according to a new survey sponsored by Cisco Systems Inc.

PCI is a set of technical and logistical standards that aim to protect cardholder transactions and the storage of payment data. The standards are backed by the major payment card networks, and violations are punished by fines. The survey found that 92% of respondents said they were confident their existing network infrastructure would hold up to a PCI-compliance audit if one were given today, the same percentage as financial services respondents.

That’s a sign that significant progress has been made, says Fred Kost, Cisco’s director of security solutions marketing.

“Obviously retailers have to comply with PCI,” he says. “But it’s also clear that they’re recognizing benefits from doing so, such as protecting their brand and ensuring that customers trust them.”

It isn’t just that retailers are required to comply with PCI. They also believe that those standards bolster their businesses’ security, the survey found. 92% of respondents said that PCI compliance measures are necessary and nearly 80% said that their businesses were more secure than if PCI were not required.

Even so, compliance can be a costly burden. 16% of respondents said that their business has spent more than $1 million on PCI compliance in the past five years and nearly 30% have spent between $100,000 and $1 million. And those figures stand to rise as 70% said they anticipate their spending will increase this year.

The challenges of PCI compliance are not just budgetary or technical, says Kost. “There’s a human element as well,” he says. In fact, educating employees on the proper handling of cardholder data was the most-mentioned difficulty, cited by 45% of respondents.

But because there are evolving PCI standards, retailers can’t rest, he says. “Progress has been made, but there is more work to be done.”

 
