Retail Technology
| Log in | Subscribe



Subscribe | Log in
Retail Technology
Subscribe

Survey issues retail PCI 3.0 warning

By Retail Technology | Friday November 1 2013

The majority of retail sector does not meet new PCI data security standards, according to recent industry security management survey results

The results of a survey into levels of readiness for the upcoming introduction of version 3.0 of the Payment Card Industry Data Security Standards (PCI DSS) have found retailers lacking.

The new version 3.0 PCI standards will require businesses to implement and perform penetration testing. And it will clarify different methods of secure authentication and session management so businesses can better protect themselves against man-in-the-middle, man-in-the-browser and other similar cyber attack methods when it becomes effective on 1 January 2014.

But the survey of over 160 UK and US retail respondents out of 1,320 IT security, operations and risk management, business operations, compliance/internal audit and enterprise risk management professionals, carried out by security management provider Tripwire with the Ponemon Institute, found very few were already prepared.

Testing a lack of readiness

Only 41% of retail respondents questioned used penetration testing to identify security risks. Just over a third (34%) measured the reduction in access and authentication violations to assess risk management efforts. And only 44% of the retail sector had fully or partially deployed file integrity monitoring.

But a further 62% of IT professionals in the retail sector said that negative facts about security risks are filtered before being communicated with senior executives.

“Although these survey results don’t reflect it, the retail industry is very focused on PCI 3.0 compliance,” commented Michael Thelander, director of product management for Tripwire. “And Tripwire is hard at work to make these new controls less expensive, easier to implement, more scalable and more intelligent out of the box.”

PCI DSS and Payment Acceptance (PA) DSS versions 3.0 will be published on 7 November 2013. Version 2.0 will remain active until 31 December 2014 to give merchant organisations adequate transition time.
RetailTechnology.co.uk also spoke with PCI Security Standards Council representatives about how the new version of the standards have been received at the European PCI Community Meeting taking place this week in Nice. Find out more here.

Related items

Breach at The Home Depot confirmed

By Retail Technology | Retail Technology

Breach at Home Depot?

By Retail Technology | Retail Technology

Online payment systems support tReds growth

By Retail Technology | Retail Technology

Retail IT experts warn on XP deadline

By Retail Technology | Retail Technology

Bakers Toolkit appoints payments processor

By Retail Technology | Retail Technology

Welcome Break speeds customer payments

By Retail Technology | Retail Technology

Surveys issue PCI warning to UK firms

By Retail Technology | Retail Technology

STUDY: Activity provider adopts MPoS

By Retail Technology | Retail Technology

Retail warned over XP end-of-support risks

By Retail Technology | Retail Technology

Learning the lessons of the Target breach

By Retail Technology | Retail Technology