With the deadline looming for large retailers to get behind the PCI rules governing the way high-street shops look after credit card data many are not ready for to be compliant.
From 30 September major retailers will be expected to prove that they are PCI compliant and have the ability to meet the security requirements that means customer data will be protected.
Tier one merchants, those delivering more than six million transactions a year, will have to be fully complaint from the end of September. Their lack of preparation has already been identified as an opportunity for security resellers.
So far online retailers seem to have been quicker to get to grips with PCI with their physical counterparts struggling to get ready.
Graham Boler, consultant at ECSC, said that there was still some way to go for the retail industry to get itself sorted.
"Most merchants are really now only coming to terms with the standard. While the larger retailers have embraced it pretty strongly, in the UK the next tier of high street retailers are only estimated to be about five per cent compliant," he said.
Neil Lathwood, IT director at UKFast, added that the threat of fines was a real one that retailers could not afford to ignore.
"By not investing in the standard retailers are shooting themselves in the feet and putting themselves at a disadvantage to their competitors. They are also leaving themselves open to huge fines," he said.