Survey Results
Credit Card Security a Priority, But Not Well Understood
In the last issue, we asked readers if they are familiar with, and compliant with, the Payment Card Industry Data Security Standards (PCI DSS) rules. Though most respondents report that security is a high priority and feel that their company is safe from data compromise, they are fairly evenly split with respect to actually understanding what steps are needed to achieve compliance. Read on for full results.
1. How familiar are you with PCI DSS?
Somewhat familiar ... 52%
Not familiar ... 27%
Very familiar ... 21%
2. Do you know and understand what steps to take to become PCI compliant?
Yes ... 55%
No ... 45%
3. Whom would you go to for help? (Totals exceed 100 percent as respondents could select multiple answers.)
Your credit card processor ... 89%
Your IT person ... 50%
Your point-of-sale software vendor ... 36%
Your trade association ... 11%
Other ... 25%
4. How important is data security to you and your business?
High priority ... 75%
Low priority ... 22%
Medium priority ... 3%
5. How safe is your company from data compromise?
Very safe ... 85%
Somewhat safe ... 15%
Not safe ... 0%
Readers have also told us:
“I am in the midst of trying to decide whether to refuse being held hostage and stop taking credit cards, or continue to be powerless and let the greed continue! In my research it became clear to me that the credit card companies do not believe that the fees being paid by business are enough. They will squeeze more from us, feeling safe that we won’t stop using their products. As I started down the road to become ‘compliant’ which I now am, I found that deals got cut in back rooms and ‘we’ have no voice or say. I would like to point out that it is Visa International, Mastercard International, etc. These entities are bigger than any government. You’re right. Our options are lousy. I would love to see this discussed further in your publication. I'm sure there are other options ... We just haven't though of them yet.”
Rebecca Deerwater
President, Racines of Fort Bragg
“I answered ‘very safe’ for question 5, but that is an assumption that our IT person has it covered.”
“This is the most convoluted process I have ever experienced in 26 years in business. No one is clear about what needs to be done and by whom. Some companies are putting security compliance on their customers (retailers) because of the shortcomings of their (suppliers’) systems. It is hard to know what you are to do, who is responsible and when it needs to be done. You feel like you are walking through some legal minefield with the answers you get. The real heart of the issue is the true legal tender of this country (and the world) is credit cards, and this is basically an unregulated private system.”
“I am not totally sure of any of my answers. I have heard some info through other retailers who have been contacted by their credit card processor and had the process and reasons why this is important explained to them. I have had no such contact and really would like to, as I need to know more about this issue. We do not take credit card payments on our website at this time, but will begin soon.” |
