A new standard comes into force this month that will affect all businesses that accept credit cards. The deadline for the Payment Card Industry Data Security Standard (PCI DSS) falls on 30 June. Experts warn that some businesses will not be ready for the regulations, while others may have overlooked specific issues.
"There are certainly lessons that can be learned following the US adoption of PCI regulations; many businesses were not well prepared at all," said John Pescatore, vice-president at Gartner. "There will be different key issues in the UK, however. For example, although European companies generally have better database security, standalone card readers in retail environments will cause problems. These are difficult to patch, and some can store card details in breach of the standard."
In theory, any company failing to meet the standard by the due date will be subject to fines of up to £250,000 per incident, and face having their ability to process card payments withdrawn. But experts predict that penalties are likely to be applied less harshly. "Banks will be looking for companies to have a plan in place," said Ian White, EMEA compliance practice leader at Cybertrust. "The vast majority of businesses are taking steps towards compliance, but not all. I don't think that the potential fine is the reason for this action, though; it's the risk of losing customer confidence."
The PCI guidelines were agreed upon by Visa, MasterCard, Discover, American Express, and JCB. Previously, each card brand had its own set of requirements.