Wide gap exists in how merchants address payment security, new study says
On average, only 66% of merchants and other organizations involved in processing payment card data encrypt that data for transmission over the Internet, compared to 100% among best-in-class organizations, research and advisory firm Aberdeen Group says in a new study, “Protecting Cardholder Data.”
The study, which Aberdeen will officially release June 29, shows that half of retailers and other companies involved in processing and storing consumer credit card data fall behind best-in-class organizations—often by wide margins—in each of 12 payment card industry data security standards set by the credit card industry. The standards, commonly referred to as PCI DSS, spell out steps that merchants and other companies that handle credit card data must take to guard against payment card data getting stolen or otherwise compromised.
Visa, MasterCard and other payment card companies have upped their fines this year to as much as $25,000 a month for large merchants who don’t comply with the standards. And high-profile data breaches, such as the one that TJX Companies Inc. discovered in January, are raising consumers’ awareness that their payment data might not be secure—to the point that they might stop shopping at retailers where they perceive a threat.
“Best-in-class organizations tend to take a positive strategic view towards compliance with the PCI Data Security Standard,” Aberdeen says in the report, a complimentary copy of which Aberdeen, a unit of Harte-Hanks Inc., will make available June 29 at Aberdeen.com. More than two out of three best-in-class organizations view PCI DSS as the best available framework to guide their security strategies, while more than one out of three “laggards” do the minimum required to satisfy the major payment card brands, the study says.
Aberdeen, which based its study on a survey earlier this month of more than 100 merchants and other companies, says 20% of respondents fell in the best-in-class category, 50% were average and 30% were laggard, or significantly behind average performance in protecting payment card data.
Following are the performance percentages for best-in-class, average and laggard companies for the six primary PCI DSS control objectives. (Figures indicate the percentage of companies whose performance in meeting each objective was rated at least four on a scale of one to five.)
Information security policy established and maintained: best in class 95%, average 70%, laggards 37%
Networks regularly monitored and tested: best in class 95%, average 67%, laggards 25%
Strong access control mechanisms: best in class 100%, average 53%, laggards 22%
Vulnerability management program: best in class 68%, average 49%, laggards 7%
Cardholder data protected during storage, processing and transmission: best in class 95%, average 61%, laggards 39%
Secure network built and maintained: best in class 100%, average 74%, laggards 23%