Merchant Link Finds PCI Compliance and Credit Card Frustrations
Merchant Link has announced results of a survey on credit card security and PCI compliance among attendees of the recently completed 2008 Multi-Unit Restaurant Technology Conference (MURTEC 2008) finding that "corporate reputation and customer concerns regarding the security of their data are the primary worries in the hospitality industry in terms of credit card use among restaurants of all sizes and styles."
Respondents ranked "security of customer credit card data" the highest among a range of credit card transaction concerns, and more than two-thirds (68%) indicated that customer worries regarding credit card data security have increased over the past couple of years.
While most of the respondents reported that their companies are either payment card industry data security standards (PCI-DSS) compliant or very knowledgeable concerning compliance - and virtually all consider their restaurants' systems to be secure - more than a third said they find PCI compliance requirements confusing and expensive.
When asked what steps they would take toward PCI compliance, a majority of respondents indicated they would look for a solution that takes data away from their POS systems and keeps it safe and secure.
"Our survey reinforced what we hear from our restaurant clients every day, and reflective of the credit card security breaches which have affected merchants of all sizes," said Merchant Link President Christopher Justice. "MURTEC attendees understand the very real threats to their customers and brands posed by hackers, and while they have taken steps to secure their POS systems, are unsure whether they've done enough."
Detailed Survey Results:
68 percent of respondents say their customers' concerns regarding credit card security have increased, while 26% say they've stayed the same.
Top credit card security problems most worrisome to the hospitality industry (percentages of respondents indicating a concern with each item; respondents selected up to three items)
- Value of company's brand in event of a credit card compromise 75%
- Shifting PCI compliance standards and deadlines 42%
- Tech costs involved in protecting credit card data 35%
- Possibility of a breach by hackers 35%
Experience with/criticism of PCI compliance (for those with awareness and understanding of PCI compliance; percentages of respondents indicating each)
- We are PCI compliant 48%
- We are well on our way to becoming PCI compliant 39%
- We view PCI compliance as extraordinarily expensive 30%
- We are confused and frustrated by PCI compliance standards and deadlines 25%
- We really have just begun to examine how to become PCI compliant 16%
What is preventing you from achieving PCI compliance? (percentages of respondents indicating each item; respondents could check multiple items)
- Old, existing legacy POS system 100%
- Currently use multiple POS systems across country 75%
If you had to become PCI compliant tomorrow, what do you think your company would need to do? (percentages of respondents indicating each action; respondents were asked to check all actions that applied)
- Use a solution that takes the data away from my POS and keeps it safe and secure 58%
- Use a software system that encrypts the sensitive data 22%
- Upgrade our existing POS system 19%
- Use a solution that masks the sensitive data 13%
- Replace our existing POS system 10%
RESPONDENT PROFILE
These results are based on a confidential online survey Merchant Link issued beginning March 5 and ending March 28, 2008 to approximately 250 MURTEC attendees. About half of the respondents represented QSRs, and half casual/family restaurants. The majority of respondents (78%) reported their restaurants' revenues exceed $50 million.
Add your comment... (note that all comments are reviewed before they're published)