Orthus Limited recently completed a survey of 1,000 level 4 merchants in the UK hospitality industry. The results were somewhat unsettling, as 77 percent of the respondents falsely believed they were compliant with PCI standards.
Companies that handle any consumer payment card data must follow PCI compliance guidelines, or risk facing fines and other significant repercussions.
According to the survey, just 36 percent of respondents claiming to be PCI compliant have completed security penetration testing. Furthermore, none of the respondents had completed wireless network security scanning, and just 24 percent said they have performed self-assessments.
Orthus attributes most of the confusion to vendors, who often sell products claiming they make companies PCI compliant without explaining the big picture of what it takes to follow the regulatory guidelines.
"Misinformation is a significant problem in the market. Vendors are selling their products as facilitating PCI compliance and buyers are not doing their homework," said Courtney Bryan, data compliance specialist for Orthus Limited.
A recent Security Park report explains that PCI compliance standards mandate that companies assess their internal security systems on a quarterly basis and submit to occasional audits from third-party vendors.