Visa Australia has urged credit card merchants to become Payment Card Industry (PCI) compliant by Christmas, or risk falling victim to fraud.
PCI laws, which require basic network security measures for merchants processing transactions for Visa, MasterCard, American Express, Discover Financial Services or Japan Credit Bureau, were mandated on September 7 this year.
Security measures range from installation of firewalls for POS machine networks for merchants processing under 20,000 transactions, to third-party audits for large organizations processing more than 6 million Visa or MasterCard sales.
Visa Australia and New Zealand executive vice president Bruce Mansfield said while it is hosting PCI awareness seminars, the responsibility is on banks and merchants to comply.
"While the education campaign lifts standards, ultimately retailers need to take responsibility for protecting customers' personal information especially as Australia falls behind China in data protection," Mansfield said.
"Businesses who are lax about upgrading their security measures face a consumer backlash, loss of reputation and could be liable for significant legal costs, so business would be wise to audit their processes before Christmas."
Visa Australia and New Zealand risk manager Ian McKindley said the ignorance of banks and merchants is concerning as there are about 12 million Visa cards in Australia contributing $140 billion worth of transactions annually.
"Awareness of PCI in Australia is far lower than we would have hoped despite a series of seminars being held in Australia and New Zealand and the distribution of more than 300,000 fliers to merchants earlier this year," McKindley said.
"Because banks have a responsibility to communicate PCI to their merchants and third-party processes, it is up to them to ensure their merchants are aware and compliant."
The seminars will be held this month in Sydney, Melbourne and Canberra and in Auckland and Wellington.