According to MD of Card Processing Advisory Service (CPRAS), said that as part of this short survey, the company had requested information from 280 councils about their compliance with PCI. CPRAS is a company that helps customers keep tabs on their card payment costs, and to cut them if they are found to be high.
However, only 44 councils responded to the company’s requests, which likely indicate the lack of compliance that exists in this sector. Of the 44 councils that responded, only 11 said they were in compliance. 26 councils acknowledged that they weren’t currently complying with PCI. The remaining seven firms said that they were yet to be certified for PCI compliance, though they were still following the standards.
The company made use of the Freedom of Information Act (FOIA) to obtain information for this survey. From the results, it is evident that IT channel companies could tap this unmet need in the public sector. Opportunities exist in offering assistance or in developing and deploying the right products geared towards compliance.
Hallewell said that the results of non-compliance could be dangerous, as information of individuals could land in the hands of cyber criminals. More importantly, it could affect the critical day-to-day functioning of councils, leading to catastrophic effects. In such a case, councils would also be unable to accept card payments – subjecting them to the payment of fines.