Survey reveals lack of awareness for PCI DSS 2.0

LogLogic, the IT audit data specialist that commissioned the survey, says the results show relatively low visibility of the security requirements amongst retailers, despite the fact that PCI audits are becoming more prevalent.

Researchers found that 13.8% of respondents are completely unaware of the new version and 15.5% confirm they are only partially aware of the PCI security standard.

The majority (70.7%) confirmed they are aware of the new standard, which the company says implies that the majority are prepared for – or are working towards – meeting PCI requirements.

However, says LogLogic, when respondents were asked if they knew that PCI DSS 2.0 contains significant changes and clarifications relative to the expected network architecture and virtualisation, only 36.2% could say yes.

Most interesting of all, Infosecurity notes, 63.8% said they were partially or completely unaware of the new requirements, meaning their PCI compliance could be at risk or at the very least isn’t as thorough or as up-to-date as it should be.

Equally interesting, when asked how auditing by the payment card issuers has changed in the past twelve months, the survey revealed that 62% said audits were becoming more, or much more, prevalent.

The survey also looked at attitudes towards PCI DSS and the version 2.0 changes. On the positive side, 50% saw it as a valuable addition that helps them keep up-to-date, and 17.2% said they used it as a way to justify spending on technologies that are useful outside of PCI mandates.

On the negative side, however, 17.2% saw it as a continual regulatory headache, and 5.2% viewed it as another costly 'tick in the box' exercise with no obvious benefit to the company or its customers.

Guy Churchward, LogLogic's CEO, said that the survey's findings are very interesting – retailers have come a long way since the introduction of PCI DSS back in 2004, in terms of attitudes and implementation, but there is still a lot more to do.

"It's not just a case of achieving compliance, it's a matter of completing the audits and staying on top of the requirements", he said, adding that it is a long-term commitment to the business and to protecting customer data.

"The research clearly shows that retailers need to get up to speed with the new version pretty quickly – if they are to meet the increasingly regular audit requirements", he explained.

The survey took in responses from interviews with 58 retailers across the UK. Staff interviewed at the retailers, each of which had more than 50 outlets, were at the IT manager/director level, says LogLogic.
