This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

UK retailers prove to be generally aware of PCI DSS but concerns that 13.8 per cent are completely unaware of it

Share this article:

Almost a third of UK retailers are completely unaware or only partially aware of the new version of the Payment Card Industry Data Security Standard (PCI DSS).

Research by LogLogic found that 13.8 per cent of respondents were completely unaware of the version two, while 15.5 per cent said that they were only partially aware of it.

Also, when respondents were asked if they knew that PCI DSS 2.0 contains significant changes and clarifications relative to the expected network architecture and virtualisation, only 36.2 per cent said that they were aware of this.

Also, when asked how auditing by the payment card issuers has changed in the past twelve months, the survey revealed that 62 per cent said that audits were becoming more, or much more prevalent.

In a year that saw the release of version two of the PCI DSS standard, Guy Churchward, CEO at LogLogic, said that the findings showed that in terms of attitudes and implementation, there is still a lot more to do.

“It is not just a case of ‘achieving compliance', it is a matter of completing the audits and staying on top of the requirements. It is a long term commitment to the business and to protecting customer data. The research clearly shows that retailers need to get up to speed with the new version pretty quickly, if they are to meet the increasingly regular audit requirements,” he said.

On a positive side, 50 per cent of respondents saw the PCI DSS guidelines as a valuable addition that helps them keep up-to-date, while 17.2 per cent said they used it as a way to justify spending on technologies which are useful outside of PCI mandates.

Shlomo Kramer, CEO of Imperva, asked of the 70.7 per cent who were aware of the new changes, how many saw it as a burden and how many saw it as an opportunity? "That is the interesting statistic, how many retailers view PCI as an opportunity to improve their security posture, which is usually the ones who do PCI right," he said.

"Over the years seeing more organistions take it seriously and for all of its faults, it is a very positive mandate. it is detailed, it is practical and you understand what you need to do. It is not compliance, it is a security standard and it is the new type of security."

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Shellshock: Millions of servers under attack

Shellshock: Millions of servers under attack

In the wake of Shellshock, end-users and security managers race to patch web servers and desktops, but may be forgetting vulnerable embedded devices.

Londoners agree to give child away in return for free WiFi

Londoners agree to give child away in return ...

Hundreds trapped and exposed by fake 'poisoned' WiFi hotspot.

Cybercrime-as-a-service the new criminal business model

Cybercrime-as-a-service the new criminal business model

A new report from Europol's European Cybercrime Centre (EC3) reveals that cybercrime is being increasingly commercialised, and by criminals who use legitimate services to hide their activities.