Time for Visa and MasterCard to take a victory lap. Or at least a walk of redemption. According to this Cisco survey, merchants of all sizes actually appreciate, as in “get”, the value of PCI and, for the majority, feel it’s worthwhile. Given the amount of flak the card brands have received over the standard, they should take some solace in the fact that it’s working and its value is clear.
That said, the survey results need to be tempered a bit. Merchants consistently overestimate their security position.
Vendors of payment encryption gear will no doubt be surprised that merchants report a high rate of point-to-point encryption. As always in these discussions, details matter and what’s being counted has to be crisply defined. I suspect some of those claiming to be using encryption are counting the fact that they use HTTPS rather than HTTP to connect to a web-connected processor. That’s off the mark when it comes to card number encryption and would have little or nothing to do with card-present transactions.
My suspicions were raised a bit further by the surprising answer from the 45% of respondents (see quote below) who say they are using EMV. The survey was given to US-based organizations, and as of now only a tiny handful of locations accept EMV payment cards. The standard hasn’t even come to the US yet. The 23% who are thinking about it will get a shock when, five years from now, they discover EMV isn’t optional.
The report’s finding that merchants plan to spend more on PCI is no doubt good news for everyone because those merchants are going to have to spend more than they thought to really achieve strong card number security.
Point-to-point encryption and EMV
A whopping 60 percent were using point-to-point encryption to simplify their compliance efforts and possibly reduce the scope of their next PCI assessment.
Nearly 70 percent of financial services organizations were using point-to-point encryption.
Forty-five percent of survey respondents indicated they were using EMV to reduce the likelihood of card-present fraud.
Another 23 percent were not yet using EMV, but were thinking about it.
Read more of the Cisco press release: http://www.marketwire.com/press-release/Cisco-Issues-PCI-Compliance-Pulse-Survey-Findings-Results-Reveal-Changing-Views-on-NASDAQ-CSCO-1379279.htm
Also check out the slide deck link at the bottom of the page.