UK contact centres failing to grasp PCI DSS issues

The research, published by Connected World, a communications specialist, took in responses from more than 200 contact centres, and found that just 36.7% of centres judged themselves to be fully compliant with PCI DSS, with 89% admitting to not understanding its requirements and penalties.

The survey also found that a third of all contact centre respondents (33%) claimed – at best – to be years away from full PCI DSS compliance, with a fifth (21%) stating that their processes will never be in full accordance with the standard's stringent requirements.

According to Connected World, the PCI DSS requirements for telephony payments are stringent and regarded as one of the most challenging aspects for contact centres to comply with.

More than a quarter of survey respondents (28%) said they had some safeguards in place to protect sensitive data but felt they would benefit from tighter security measures to better protect their customers.

Interestingly, whilst the overall message about PCI DSS compliance appears to be getting through, only a limited section of the market is actually aware of the requirements of the standard.

Of those that were aware of the term, researchers found that only 41% stated that compliance with PCI DSS was crucial to the future of their business.

The remaining 59% described compliance with the standard as "not a top priority" or "something we need to find out about".

Jamie Price, Connected World's director, said he has been amazed by the level of confusion in the market, especially given the penalties that card issuers can impose if they find a vendor to be in breach of the standard's requirements.

"Contact centres urgently need to attend to their processes, or they could be held accountable for security breaches and fraud that would otherwise be covered by the card issuer", he said.

On a wider level, the survey is said to have revealed a clear need to heighten awareness as well as adjust processes and tools in use in day-to-day operations.

Connected World claims that, in order for PCI DSS compliance to be fully achieved in a contact centre, many levels within the organisation need to be engaged in the process, from staff training, all the way to telecoms security.

Despite this, more than 74% of respondents admitted that the issues are not clearly understood across their organisation, and just 11% of respondents said they fully understood what the standard demands and the consequences of not conforming.

In addition, researchers found that 68% of respondents said they were confident that they were processing telephony payments securely despite not fully understanding the PCI DSS requirements.

This, says the company, suggests a level of indifference to the standard in the industry and a marked belief that contact centres are already doing enough to protect customer data.

"Now is not the time for contact centres to bury their heads in the sand", said Price, adding that the standard is complicated and full compliance is not that easy to achieve.

"Whatever you think about the standard, it won't change the fact that your business is at risk if you fail an assessment. Moreover, call centres that operate on behalf of customer organisations could suffer severely should they be exposed as non-compliant", he noted.