This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

UK retailers prove to be generally aware of PCI DSS but concerns that 13.8 per cent are completely unaware of it

Share this article:

Almost a third of UK retailers are completely unaware or only partially aware of the new version of the Payment Card Industry Data Security Standard (PCI DSS).

Research by LogLogic found that 13.8 per cent of respondents were completely unaware of the version two, while 15.5 per cent said that they were only partially aware of it.

Also, when respondents were asked if they knew that PCI DSS 2.0 contains significant changes and clarifications relative to the expected network architecture and virtualisation, only 36.2 per cent said that they were aware of this.

Also, when asked how auditing by the payment card issuers has changed in the past twelve months, the survey revealed that 62 per cent said that audits were becoming more, or much more prevalent.

In a year that saw the release of version two of the PCI DSS standard, Guy Churchward, CEO at LogLogic, said that the findings showed that in terms of attitudes and implementation, there is still a lot more to do.

“It is not just a case of ‘achieving compliance', it is a matter of completing the audits and staying on top of the requirements. It is a long term commitment to the business and to protecting customer data. The research clearly shows that retailers need to get up to speed with the new version pretty quickly, if they are to meet the increasingly regular audit requirements,” he said.

On a positive side, 50 per cent of respondents saw the PCI DSS guidelines as a valuable addition that helps them keep up-to-date, while 17.2 per cent said they used it as a way to justify spending on technologies which are useful outside of PCI mandates.

Shlomo Kramer, CEO of Imperva, asked of the 70.7 per cent who were aware of the new changes, how many saw it as a burden and how many saw it as an opportunity? "That is the interesting statistic, how many retailers view PCI as an opportunity to improve their security posture, which is usually the ones who do PCI right," he said.

"Over the years seeing more organistions take it seriously and for all of its faults, it is a very positive mandate. it is detailed, it is practical and you understand what you need to do. It is not compliance, it is a security standard and it is the new type of security."

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

Google and Facebook offer free cyber-security tools

Google and Facebook offer free cyber-security tools

Google and Facebook have both launched free open-source cyber-security tools this week, designed to help security professionals spot malware and cyber-attacks.

Mixed results for key Government cyber-initiatives

Mixed results for key Government cyber-initiatives

The Government's Verify scheme to confirm IDs is behind scheuduled uptake, but its CISP threat intelligence sharing scheme is ahead of target.

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...