PCI-DSS compliance: study
- A study conducted by LogLogic among British retailers shows that many of them do not know the new PCI-DSS version well enough: 13.8% of the surveyed merchants do not even know there is a 2.0 version, and 15.5% say they have only a vague notion of its contents. However, 70.7% claim they know about it, which seems to indicate that most retailers are ready to make the necessary effort to meet these requirements. 36.2% do not know that it includes additional recommendations and changes regarding network architecture and virtualisation.
- 50% consider that these changes could help them and, for 17.2%, may even account for expenses in terms of equipment. Yet 5.2% do not see how implementing this standard could be of interest to their company or to their customers.
- It should be noted that the compliance phase may take more or less time and/or be more or less expensive depending on the results of the IROC. Merchants must not only reach compliance but also follow the evolution of the standard in order to maintain it.
- LogLogic’s press release indicating that PCI-DSS is fairly well accepted by British retailers must be considered with caution: this company offers solutions intended to help merchants comply with PCI-DSS. The contents of this security standard and its compliance process are still debated, and many players implement it only because they are compelled to do so, even though it is becoming more and more established. Some players who disagree with certain sections of the standard still consider that it has the advantage of making companies consider security issues in a fairly complete manner and rationalize their payment processes.