Lack of awareness for PCI DSS 2.0
New research by LogLogic has indicated that 13.8 percent of respondents are completely unaware of the new version and 15.5 percent confirm they are only partially aware of it.
The majority (70.7 percent) did confirm they are aware of the new standard which implies that the majority are prepared for or are working towards meeting the requirements. However, when respondents were asked if they knew that PCI DSS 2.0 contains significant changes and clarifications relative to the expected network architecture and virtualization, only 36.2 percent could say yes, that they did know of this.
A huge 63.8 percent were partially or completely unaware of the new requirements meaning their PCI compliance could be at risk or at the very least isn’t as thorough or as up-to-date as it should be.
Interestingly when asked how auditing by the payment card issuers has changed in the past twelve months, the survey revealed 62 percent said that audits were becoming more, or much more prevalent.
The survey also looked at attitudes towards PCI DSS and version 2.0 changes and on the positive side, 50 percent saw it as a valuable addition that helps them keep up-to-date and 17.2 percent said they used it as a way to justify spending on technologies which are useful outside of PCI mandates.
On the negative side, 17.2 percent saw it as a continual regulatory headache, and 5.2 percent viewed it as another costly “tick in the box’ exercise with no obvious benefit to the company or its customers.
Commenting on these findings Guy Churchward, CEO at LogLogic said: “Today’s findings are very interesting, retailers have come a long way since the introduction of PCI DSS back in 2004, in terms of attitudes and implementation, but there’s still a lot more to do. It’s not just a case of “achieving compliance’, it’s a matter of completing the audits and staying on top of the requirements – it’s a long term commitment to the business and to protecting customer data. The research clearly shows that retailers need to get up to speed with the new version pretty quickly – if they are to meet the increasingly regular audit requirements.”