Less than 50% of businesses with 20,000 or more payment transactions a year are compliant with the Payment Card Industry Data Security Standard, a survey found.
Computerworld Inc., a Framingham, Mass., provider of technology information, surveyed 123 businesses in August. Most respondents, 57%, said they had a PCI initiative in place, yet of those only 37% were compliant with the standard and 20% had not successfully completed a PCI audit.
Twenty-eight percent of respondents said they were planning a PCI initiative, but 15% said they had no plans to address PCI compliance.
The most difficult part of compliance for organizations is encryption (cited by 41% of respondents), followed by security-event logging (40%) and data in transit (38%).
The survey was sponsored by nuBridges Inc., an Atlanta company that provides data security products.
"Given all of the attention to credit card breaches, it is surprising that some companies continue to put off securing the information and/or don't intend to," said Gary Palgon, nuBridges' vice president of product management.
"The higher percentages of compliance we often hear about really only covers the largest merchants, but rather when you look at the overall cross-section of companies accepting and/or storing card data, we still have a long way to go before card data is truly secure."
Of the survey respondents, 39% accept more than 6 million card transactions a year, 20% accept 1 million to 6 million and 41% accept 20,000 to 1 million.