Most organizations partially compliant with PCI DSS, survey says

A large number of retailers as well as other businesses and organizations are at least partially compliant with the Payment Card Industry Data Security Standards, according to a recent survey commissioned by VanDyke Software Inc.

IRCE 2008 Conference Multi-Media CD-ROM

Of 212 respondents who indicated their organizations accept credit card payments, 48.11% said they were very compliant, 33.01% said they were compliant, and 4.71% are somewhat compliant, according to the survey. 4.71% said they were not compliant, 6.6% said they didn’t know, and 2.83% said they never heard of the standards.

“Over 80% of the survey respondents working for organizations which accept credit card payments at point of sale, over the Internet, by mail or by phone said they were PCI DSS compliant,” says Steve Birnkrant, CEO of Amplitude Research, which conducted the survey.

Of 175 information technology managers who said their organizations were not compliant or somewhat compliant, 38.85% said they will take action within the next 6 months to become more PCI compliant, while 37.71% said they would take action in the next 7 to 12 months. In addition, 13.71% said they would take action within 13 to 18 months and 1.71% indicated they would take action beyond 18 months. 8% said they don’t know when they’ll take action.

Further, of the 212 respondents that indicated their organization accepts credit card payments, 40% indicated their organization had been audited for compliance with the PCI DSS standards, Birnkrant says.