Ponemon and Imperva survey shows firms struggling on payment data security

According to Brian Contos, Imperva's security strategist, 71% of companies are failing to treat the Payment Card Industry Data Security Standard (PCI-DSS) as a strategic initiative, even though 79% of them have experienced a data breach.

Researchers found that 55% of respondent firms do not secure social security numbers, driver's licence numbers, and bank account details.

Interestingly, the research found that consumers are more at risk with smaller businesses.

"We found that, whilst PCI-DSS compliance is of major interest to enterprise users, there's still a way to go with smaller businesses", Contos told Infosecurity.

"The vast majority of companies that need to be PCI-DSS compliant say, however, that they are very receptive to suggestions on compliance, but they are not overly concerned about the issue."

"It's a bit like paying taxes. Companies know they have to abide by the rules, but they don't put an immense amount of effort into the PCI-DSS compliance."

Contos said that the survey also found that companies taking a strategic approach to PCI-DSS compliance have fewer data breaches.

Based on these findings, Imperva is making a number of specific recommendations to consumers, businesses and the PCI-DSS Council to improve the safety of consumers' personal information.

 
