Picture of a credit card
New standards are designed to prevent credit card fraud

Payment security is lagging

Failure to comply with card data rules puts UK businesses at risk

Written by Lisa Kelly

Computing, 27 Sep 2007

Just one in 10 UK merchants are compliant with payment card data security rules, leaving them open to security breaches and criminal attacks.

Only 11 per cent of retailers, financial services institutions and other businesses accepting card payments conform to the Payment Card Industry Data Security (PCI DSS) rules, according to a survey by secure transaction specialist The Logic Group.

The guidelines were developed by the PCI Security Standards Council, a global forum established by credit card firms ­to help prevent security breaches such as fraud and hacking.

The penalties of non-compliance are starting to be felt, said MasterCard vice president Paul Baker.

“Non-compliant merchants are realising the impact through the account data compromises or hacks that are now being seen,” he said.

“The damage to the brand and to customer confidence can be extreme. Our aim is to move all merchants to a compliant status as quickly as possible.”

More than four out of five relevant businesses have assessed the impact of meeting the PCI DSS requirements, says the survey. But six per cent of respondents have neither started working towards compliance, nor intend to.

Insiders say the standard needs to be more widely publicised. “Awareness is growing, but I am amazed at how many people do not know about the standard,” said one hospitality industry source.

“And many people think their software is secure but do not realise compliance means much more.”

One explanation for the slow progress is that attention has been focused elsewhere, said Gartner research director Alistair Newton.

“There has been a lack of priority in the retail community ­ merchants in the UK have been busy implementing the highly-visible chip-and-PIN so the back-end storage issues have slipped,” he said.

In May TJX, the parent company of high-street chain TK Maxx, admitted nearly 46 million credit and debit card records had been stolen over an 18-month period from July 2005. The breach cost the company nearly $130m (£64m).

“What happened to TK Maxx should drive retailers to compliance because it shows the reputational damage of a breach,” said Newton.

reader comments

related articles

Pressure on retailers over data compliance

Many could struggle to meet new security standard, reports Dave Friedlos 03 May 2007

 

Firms slow to apply card standards

Study shows 40 per cent of firms have no plans to achieve PCI standard 07 Dec 2006

Retailers ignore security plan

Survey suggests new data security standard having little effect 22 Sep 2005

latest news

Red Hat a good fit for Qumranet

Open source behemoth opens up Windows opportunities with acquisition of virtualisation specialist 05 Sep 2008

Infor praises partners

Software vendor outlines its channel vision at second annual EMEA partner summit in Marbella 05 Sep 2008

Version One and Accurate launch university push

Software vendors link arms to create integrated document and financial management offering for universities 05 Sep 2008

More news

Most commented stories

More

poll

Stormy times ahead for PBX?

Stormy times ahead for PBX?

Will the credit crunch affect PBX takeup?

Previous poll results

In The Studio With CRN: Josh Claman, Dell

In an editorial coup for CRN, Josh Claman, vice president of EMEA channels at Dell, talks to CRN TV about the vendor's channel plans

CRN Fight Night bouts are LIVE!

ALL the bouts from CRN's first ever white collar boxing event at The Brewery in Chiswell Street, are now online in their full glory for CRN readers to watch.

More CRN TV

events

CRN Golf Challenge 2008

CRN Channel Golf Challenge 2008

CRN's annual golfing day will this year be held on 16 September at a championship course in East Sussex

CRN Reseller Leadership Forum logo

CRN Reseller Leadership Forum

An exclusive channel conference from CRN, to be held over one action-packed day in September 2008

More Events

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Advertisement

White papers

Search white papers

Top categories