A recent survey by a firm offering merchant services has found that technology providers stand to benefit considerably from untapped opportunities in PCI DSS compliance in councils.
However, only 44 councils responded to the company’s requests, which likely indicate the lack of compliance that exists in this sector. Of the 44 councils that responded, only 11 said they were in compliance. 26 councils acknowledged that they weren’t currently complying with PCI. The remaining seven firms said that they were yet to be certified for PCI compliance, though they were still following the standards.
The company made use of the Freedom of Information Act (FOIA) to obtain information for this survey. From the results, it is evident that IT channel companies could tap this unmet need in the public sector. Opportunities exist in offering assistance or in developing and deploying the right products geared towards compliance.
Hallewell said that the results of non-compliance could be dangerous, as information of individuals could land in the hands of cyber criminals. More importantly, it could affect the critical day-to-day functioning of councils, leading to catastrophic effects. In such a case, councils would also be unable to accept card payments – subjecting them to the payment of fines.