Small retailers still lag on PCI security compliance

Summary:Which is more troubling: the fact that one in five SMB retailers still aren't PCI DSS compliant or that another 14 percent of them don't know?

Given the details that keep creeping out about Target's big data breach last November, I can only imagine the booth and meeting conversations that technology vendors are going to have about privacy and security this week at the big National Retail Federation trade show in New York.

Still, I wasn't all that surprised to read the results of a recent survey by Fortinet focused on assessing the security readiness of small retailers: It turns out that one in five of them (yep, 20 percent) still are not compliant with the PCI Data Security Standards that they are supposed to be applying to their point of sale (POS) technology.

Another 14 percent of 1,000 retailers surveyed aren't sure of their status, according to the Fortinet data.

"This survey was eye-opening for us," said Patrick Bedwell, vice president of product marketing for the security company, said in a statement. "Despite looming threats and stiff compliance penalties, more than a fifth of SMB retailers are still not PCI-compliant, while many are falling short of security best practices like password safety."

The survey was conducted on behalf of Fortinet by GMI, a division of Lightspeed Research. It included retailers with fewer than 1,000 employees.

Here are some of the other high-level findings:

  • 55 percent of the respondents WERE NOT familiar with their state's security breach requirements
  • 60 percent DO have password protection policies for their store's Wi-Fi network, and they enforce them 
  • 40 percent DO NOT require employees to change passwords
  • 29 percent DO NOT have a data disposal policy (while another 12 percent of the respondents weren't sure)

As more small businesses invest in tablet-centric POS solutions , I can't help but wonder whether this will exacerbate the situation or set more retailers on the right path to better security. At the very least, it should prompt more of them to boost their awareness level. 

Topics: SMBs, Security


Heather Clancy is an award-winning business journalist specializing in transformative technology and innovation. Her articles have appeared in Entrepreneur, Fortune Small Business, The International Herald Tribune and The New York Times. In a past corporate life, Heather was editor of Computer Reseller News. She started her journalism lif... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.