January 13, 2011, 9:41 AM

Retailers have made significant progress in PCI compliance, says a new survey

92% of respondents said they would likely pass an audit if given today.

Lead Photo

Retailers are making progress in complying with the Payment Card Industry Data Security Standard, but at a cost, according to a new survey sponsored by Cisco Systems Inc.

PCI is a set of technical and logistical standards that aim to protect cardholder transactions and the storage of payment data, and which are backed by the major payment card networks, with violations punished by fines. The survey found that 92% of respondents said that they were confident their existing network infrastructure would hold up to a PCI-compliance audit if given today—the same percentage as financial services respondents.

That’s a sign that significant progress has been made, says Fred Kost, Cisco’s director of security solutions marketing.

“Obviously retailers have to comply with PCI,” he says. “But it’s also clear that they’re recognizing benefits from doing so, such as protecting their brand and ensuring that customers trust them.”

It isn’t just that retailers are required to comply with PCI. They also believe that those standards bolster their businesses’ security, the survey found. 92% of respondents said that PCI compliance measures are necessary and nearly 80% said that their businesses were more secure than if PCI were not required.

Even so, compliance can be a costly burden. 16% of respondents said that their business has spent more than $1 million on PCI compliance in the past five years and nearly 30% have spent between $100,000 and $1 million. And those figures stand to rise as 70% said they anticipate their spending will increase this year.

The challenges of PCI compliance are not just budgetary or technical, says Kost. “There’s a human element as well,” he says.  In fact, educating employees on the proper handling of cardholder data was the most mentioned difficulty, cited by 45% of respondents. 

But because there are evolving PCI standards, retailers can’t rest, he says. “Progress has been made, but there is more work to be done.”


comments powered by Disqus




From The IR Blog


Anna Johansson / E-Commerce

Why is social proof big for niche brands?

A small online retailer that lacks brand recognition can get a big boost from high ...


Donn Davis / E-Commerce

Technology takeover: The fashion industry is next

We are now entering the third decade of the Amazon effect, and it is just ...

Research Guides