There is a wide gap between the standards for credit card security and security measures actually in place among web retailers. On average, just 66 percent of merchants and other organizations involved in processing payment card data encrypt that data for transmission over the internet.
This compares to 100 percent among best in class organizations, according to a new study, Protecting Cardholder Data, published by the Aberdeen Group research and advisory firm. The study shows that half of retailers and other companies involved in processing and storing consumer credit card data fall behind best in class organizations, and do so by wide margins in each of the twelve payment card data security standards set by the credit card industry.
The standards, commonly referred to as PCI DSS, spell out steps that merchants and other companies that handle credit card data must take to guard against payment card data getting stolen or otherwise compromised. Visa, MasterCard, and other payment card companies have upped their fines this year to as much as $25,000 a month for large merchants that don't comply with the standards.
High profile data breaches, such as the one that TJX Companies Inc. discovered in January, are raising consumers' awareness that their payment data might not be secure. This could lead some consumers to stop shopping at retailers where they perceive a threat.
"Best in class organizations tend to take a positive strategic view towards compliance with the PCI Data Security Standard," Aberdeen said. More than two out of three best in class organizations view PCI DSS as the best available framework to guide their security strategies, while more than one out of three laggards do the minimum required to satisfy the major payment card brands, the study said.
The study is based on a survey of more than 100 merchants and other companies. Of the companies studied, twenty percent fell in the best in class category, fifty percent were average, and thirty percent were laggard, or significantly behind average performance in protecting payment card data.
Entire contents ©2016, Sumner Communications, Inc.