IT security employees in the retail sector have not implemented the latest security standards for card payments, new research has revealed.

The Payment Card Industry Data Security Standard (PCI DSS 3.0) is made up of 12 requirements designed to standardise controls surrounding cardholder data and to better protect consumers and merchants against security breaches.

However, a survey of 1,320 UK- and US-based employees in IT security in the retail sector, by Tripwire and the Ponemon Institute, revealed they had not implemented these security requirements.

The research found that 59% had not carried out penetration tests to identify any risks in their network. Another 66% had not measured the number of intruders accessing their networks, while 62% said they were not communicating the true facts about the state of security within their company to their security executives.

Michael Thelander, director of product management for Tripwire, said: "Although these survey results don’t reflect it, the retail industry is very focused on PCI 3.0 compliance.

"And Tripwire is hard at work to make these new controls less expensive, easier to implement, more scalable and more intelligent out of the box."