Some UK acquiring banks have a determined campaign in place right now to get all level 2, 3 and 4 merchants to PCI DSS compliance by October. Larger merchants should all now be compliant, which means that hackers and fraudsters will logically turn their attention to smaller companies that may still be vulnerable. So, while PCI compliance will certainly create a resources challenge for smaller businesses, it is one to which they are simply going to have to rise – or face fines and penalties from the payment brands.
In Nevada, PCI compliance for all merchants who accept a Nevadan citizen's payment card has now been made law with effect from 2010 – this is a major step forward in terms of bringing this compliance regime onto a statutory footing, and we should expect to see the process gather pace.
Is it not still the case that many UK retailers are still not PCI compliant despite the several deadlines?
As far as I am aware, no fines have been imposed in the UK, so I assume that retailers are only doing the minimum, particularly given the current state of the economy.