PCI Compliance Among Retailers Growing - Page 2

Unlike the other groups, the PCI compliance for Level 4s was not specified, but merely described in the Visa documents as "low."

Fischer's slides also painted a picture of insecure credit card data. The number of data "compromise events" in the United States "more than doubled" from 2006 to 2007. A different slide gave some meat to that claim, showing about 25 reported data breaches in 2003, increasing to about 125 in 2004 and about 250 in 2005.

That number of reported data breaches dropped in 2006 to about 220, but then sharply rose last year. The slide reported some 348 incidents for 2007, but then noted that it only included incidents reported through August 2007, suggesting that the 2007 total could be higher.

As with all crime reporting, it's not clear whether the numbers reveal an increase in actual data breaches or merely an increase in the percentage of such incidents that are being reported, or a combination of the two.

An ongoing security debate has been whether online or physical stores are a higher security risk. For the last few years, the conventional wisdom has been that brick-and-mortars are still responsible for the vast majority of breaches, but online is where fraudulent and stolen cards are most likely to be used.

The new Visa figures challenge those assumptions, with reports showing an even split between physical and Web stores in 2007, according to Fischer's slides.

Retail Center Editor Evan Schuman can be reached at [email protected]
