With the latest deadline in credit card data compliance just two days away there are fears being expressed in the security industry over the position of retailers.
From Thursday all level one merchants, those processing more than six million transactions a year, will have to show they can deliver the guidelines set down in the PCI requirements.
Some retailers are not ready and some in the channel, most recently Alex Teh, commercial director at Vigil, have warned that the deadline is going to prove difficult to hit for some high street players.
But there are also concerns that the PCI requirements are being seen as a tick list and security as a wider solution is not being considered properly.
"Many merchants are falling into the trap of viewing PCI DSS as a list of requirements that simply need to be ticked off a list within a specific timeframe," said Ross Brewer, vp and managing director of international sales and LogRhythm.
He added that compliance was not a one-off hit and was "an ongoing process that requires the automation and optimisation of increasingly complex IT and data operations".
"Many merchants are taking a siloed approach to PCI DSS, thinking about how it impacts card transaction procedures, rather than viewing it as a set of best practices that can actually improve the performance of the entire business. While such 'kneejerk' responses to PCI mandates may seem relatively cheap to implement, in reality they are a false economy," Brewer said.