Visa: Large Retailer PCI Compliance Hits 65 Percent
Although the numbers do show a sharp increase, they also reflect the fact that 35 percent—more than 1 out of every 3—of large retailers today are still not PCI compliant, despite the passing of the Sept. 30 deadline and the start of the promised $25,000 per month in fines for non-compliance.
On a potentially even more scary note, Visa reported that PCI compliance among the more numerous Level 2 retailers—ones that process between one million and six million Visa transactions a year—is only at 43 percent, as of Sept. 30.
On the optimistic side of those Level 2 numbers, the Level 2 compliance was barely 15 percent in December 2006 and 33 percent in July, so this does show a healthy increase. Also, the deadline for Level 2 retailers doesn't kick in until New Year's Eve of this year, so it's possible those numbers could sharply increase again by January.
Then again, most Level 2 retailers will have their hands full from late October through late December, so it's not certain how much of an increase will materialize.
Visa issued a statement saying that it wants to see the compliance—and not the penalty revenue—go up.
“We’d much rather grow compliance than levy fines,” said Michael E. Smith, senior vice president of Enterprise Risk and Compliance for the U.S. market, Visa. “We’re making steady progress in accelerating merchant compliance with PCI standards to protect cardholder information.”
A promising note was Visa saying that 99 percent of Level 1 and Level 2 retailers "confirmed they are not storing prohibited account data such as magnetic stripe—also known as track data—CVV2 [the security code on the back of the card] and PIN data." That's up from the 96 percent that Visa reported in July. Those sets of prohibited data are seen as especially attractive to data thieves.
Retail Center Editor Evan Schuman can be reached at Evan.Schuman@ziffdavisenterprise.com.