PCI Data Available
Interesting information was made available today from VISA about PCI Compliance status for Level 1, 2, and 3 merchants. Find it as a .pdf >>here<< [link to http://usa.visa.com/download/merchants/cisp_pcidss_compliancestats.pdf no longer works] (thanks to Mike Dahn for bringing it to our notice).
**UPDATE** You may want to check out what Pete Lindstrom has done with that data, in his Blog Post, “Is PCI Working?”
I’m confused… are we supposed to take L2-3 “compliant” numbers at face value? How do we know these merchants are actually compliant? Filling out a SAQ is very easy, but validating those claims is a completely different story, isn’t it?
Ben, we life in a world of bounded rationality and limited information. The stats are based on reported information. Also, these are not “compliance” numbers but rather “validation” numbers.