Retailers struggle to meet PCI deadline

The new regulations stipulate that all merchants that accept payment card transactions after this date will have to use either a specialised firewall to protect web applications, or complete a web application software code review to ensure that all transactions are secure.

Even though these measures have been encouraged as best practice for 18 months, Gartner's research suggests that confusion over the actions retailers need to take means that many are not in a position to live up to the new rules.

Furthermore, information security consultancy DNS believes that even retailers that have started the process are in many cases looking for a quick fix instead of undertaking a full code review.

"With the deadline rapidly approaching retailers are going to be looking to bring in security policies quickly to ensure that they adhere to this regulation," said Lee Lawson lead penetration tester at DNS.

"But the PCI-DSS has been brought in for a reason and, unless companies fully understand the sensitive nature of the customer information they hold, the problems will continue and customer confidence will keep falling."

DNS reckons that, although this will bring retailers in line with current regulation, it still leaves them exposed to attack.

"We have come across companies who are unsure of what steps they should be taking and have left it until the last minute," concluded Lawson.

"They should not be looking for a quick fix in this case. It does not help the company long term as increased regulation is inevitable, and certainly does not help the customer if there are still flaws in existing applications."

Copyright ©v3.co.uk

deadline meet pci retailers security struggle to