UK firms criticised for non-compliance

A survey has found that a notable percentage of UK-based businesses are not ready to meet the new PCI DSS regulations, putting many organisations at risk of breaching new rules which will be gradually applied from June 2010.

A total of 100 firms from various sectors, including retail and finance, were questioned as part of the survey and only 11 were found to be certifiable under PCI DSS regulations.

PCI DSS rules were first proposed in 2004 and the newest changes will require universal compliance by September this year. The biggest players in the industry, including Visa and MasterCard, are all in support of these standards which are intended to cut down on fraud.

Redshift Research published the results of the survey, which was carried out in order to assess the typical attitude towards PCI DSS changes within UK businesses.

An 89 per cent level of non-compliance was indicated by the survey and it was also revealed that over a third of the businesses questioned did not comprehend the necessity of PCI DSS certification.

Many of the businesses that are still unable to meet the PCI DSS are uncertain as to whether they will be able to make the necessary changes before the September deadline.

Redshift Research’s Guy Washer said that his firm approaches many businesses in the course of a typical survey and around 40 per cent of potential respondents turned down the chance to participate, which is nearly twice as many refusals as normal.

Mr Washer believes that many firms were uneasy about participating because they were already aware that their current payment card practices were inadequate in the face of impending industry security improvements.

Under PCI DSS rules, four tiers of responsibility differentiate between the firms processing the largest and smallest number of card transactions annually.

It is believed that whilst larger firms are fully aware of their responsibilities relating to payment card security, small and medium-sized businesses which deal with fewer transactions each year are failing to grasp the changes required under the new regulations.