Just one in ten UK businesses are fully PCI DSS compliant, despite the looming 30 September deadline for some organisations.
According to a survey by the Logic Group, six per cent of companies have not started the compliance process or are not even planning to.
This could be due to a lack of information about the updated requirements. More than half of those surveyed said that they did not get enough support from banks and international card schemes.
Despite this, awareness of PCI DSS amongst British organisations is on the rise. All of the respondents questioned were aware of the requirements, up from 85 per cent in 2006.
The study also found that more than three-quarters of companies have undertaken an impact assessment on PCI DSS, a 56 per cent increase from last year.
In a statement, Mark McMurtie, marketing director at the Logic Group said: "What is encouraging is that all the merchants are now aware of what needs to be done. The critical next step for most companies is to get board approval for the necessary remediation work to be sanctioned".
The survey questioned a range of UK organisations, including retailers, financial institutions and other businesses that accept card payments.