Visa, MasterCard International, and other payment card companies require merchants and others who process credit-card transactions to comply with the PCI standard for protecting cardholder data.
A survey of 65 IT professionals by encryption firm Protegrity showed that 53.9 percent do not believe their companiees are entirely clear about the PCI requirements, or other regulations such as Sarbanes-Oxley and HIPAA.
Merchants processing more than 20,000 credit-card transactions per year faced a Thursday deadline to comply with the PCI standard. Non-compliance can result in fines and loss of the ability to handle credit-card transactions.
The PCI standard outlines 12 requirements, including encrypting transmission of cardholder data and implementing a vulnerability management program.
Both Visa and MasterCard have said that payment processor CardSystems Solutions was out of compliance with their security requirements. About 40 million credit-cards of all brands were exposed to potential fraud when an attacker broke into CardSystems Solutions' network.
Last week, SC Magazine reported a class-action lawsuit has been filed in California on behalf of credit-card holders and merchants against CardSystems Solutions, Visa, and MasterCard after the security breach that exposed 40 million credit cards to potential fraud.