Low visibility amongst retailers found despite data security standard audits becoming more prevalent
LogLogic, a security event and incident management systems provider, has announced the results of an independently commissioned survey examining visibility and awareness amongst UK retailers of the new Payment Card Industry Data Security Standard (PCI DSS) version 2.0, released in October this year.
The research has indicated that 13.8% of respondents were completely unaware of the new version and 15.5% confirmed they were only partially aware of it. The majority (70.7%) did confirm they were aware of the new standard, which implies that the majority were prepared for or working towards meeting the requirements.
Unaware of regulatory changes
However, when respondents were asked if they knew that PCI DSS 2.0 contains significant changes and clarifications relating to the expected network architecture and virtualisation, only 36.2% could say they did. A huge 63.8% were partially or completely unaware of the new requirements, suggesting their PCI compliance could be at risk or, at the very least, isn’t as thorough or as up-to-date as it should be.
Interestingly, when asked how auditing by the payment card issuers has changed in the past twelve months, 62% said that audits were becoming more, or much more, prevalent.
The survey also looked at attitudes towards PCI DSS and the version 2.0 changes. On the positive side, 50% saw it as a valuable addition that helps them keep up-to-date, and 17.2% said they used it as a way to justify spending on technologies which are useful outside of PCI mandates. On the negative side, 17.2% saw it as a continual regulatory headache, and 5.2% viewed it as another costly ‘tick in the box’ exercise, with no obvious benefit to the company or its customers.
Steep learning curve to mount
Commenting on these findings Guy Churchward, LogLogic chief executive, said: “These findings are very interesting. Retailers have come a long way since the introduction of PCI DSS back in 2004, in terms of attitudes and implementation, but there’s still a lot more to do. It’s not just a case of ‘achieving compliance,’ it’s a matter of completing the audits and staying on top of the requirements – it’s a long term commitment to the business and to protecting customer data. The research clearly shows that retailers need to get up to speed with the new version pretty quickly – if they are to meet the increasingly regular audit requirements.”
The findings were based on quantitative research conducted in November and December 2010 amongst 58 retailers in the UK. Participants held the position of IT manager or director and were from retail organisations with more than 50 outlets.