Growth in payment card transactions makes PCI DSS compliance more important than ever


by Natasja Bolton, Senior Acquirer Support QSA

The UK Cards Association’s 2017 report on UK Card Payments, released on 19th June 2017, reported a doubling of debit and credit card purchases in the last 10 years.  The volume of card transactions reached 16.4 billion in 2016, an increase of 146% from 2006, even though the total number of payments cards in issue has not changed.


This massive growth, with 77% of retail spending made on debit, credit and charge cards, is yet another indicator of the continued importance of the PCI DSS as the benchmark for the protection of that payment card data.


Some of the growth in the number of purchases is associated with the increasing consumer move towards contactless card and mobile NFC payments for lower value payments. Where previously cash would be the only accepted payment method, for example, public transport and ticket payments. 


Webpage URL

Find out more about our PCI DSS compliance services by clicking the button below


The report identified a three-fold increase in contactless transaction volumes in 2016.  This growth in contactless payments appears to support Sysnet’s assertion, reported in September 2016, that 2017 will be the year when mobile payments truly become a consumer expectation. 


The TSYS U.S. Consumer Payment Study 2016 found increasing percentages of U.S. consumers using mobile NFC payments in-store compared to last year. The study also found that 44 percent of consumers are likely, definitely or have already loaded their credit card information to their mobile phone or digital wallet. 


As we observed back in September, changing consumer attitudes to paying in cash on both sides of the Atlantic mean micro merchants that don’t accept card payments and business that can’t accept contactless payments, need to take action to make sure they can be paid by all of their customers.


However, it seems that businesses have risen to meet that challenge, with the UK Cards Association also reporting a 63% increase in the number of UK retail outlets now taking card payments, to just over 1 million retailers.  The report recognises the increasing availability of mPOS and small business card payment solutions and their adoption by micro merchants and smaller business enabling them to realise the benefits of payment card acceptance.   


Identifying a further change in the make-up of UK card acceptance at the point of sale, as the growth of retailer-owned terminals (a 15% increase in 2016) outstripped that of acquirer-owned terminals (1.6%). 


This shift is likely to be seen in the U.S. as well, as mPOS vendors focus on small retailers. Mastercard cited industry reports that ‘the cost of point of sale (POS) devices as one of the top reasons why smaller businesses may be hesitant to accept card payments’ but it seems that mPOS solution providers are targeting their solutions at these smaller businesses; Business Insider noted Business Intelligence’s forecast of 27.7 million U.S. mPOS installations by 2021, with the move to EMV and lower cost of mPOS being the drivers.


With many more retailers and outlets accepting payment cards, and using directly sourced rather than acquirer-supplied solutions, it becomes even more important that the card security good practices of the PCI Data Security Standard are disseminated to those businesses and embedded in their day to day operations.


Online growth continues

Online retail payments is the other growth area linked to the doubling of card purchases: 35% of UK issued card total spending in 2016 was online. While the value of online card spending at UK merchants rose to 24% (from 21%) of the total. The report also showed that the increase is not just of traditional ecommerce. In 2016, 53% of online spending was made from tablets and smartphones; further supporting Sysnet’s mobile payments and changing consumer expectations assertion


The UK Cards Association report predicts continued growth for mobile payments with consumers using their smart devices for both online and in-app purchases. This same trend is found in the U.S., where mcommerce spending is increasing by 45% every year.  As consumers grow more comfortable with mobile payments so businesses will seek to exploit this by developing their online payment acceptance methods, expanding into social media and in-app purchasing.


It is therefore essential that messaging about securing online ecommerce and mcommerce payments reaches businesses.  So that as businesses defined and develop their online payments offerings, card data security is a fundamental consideration. It is key that businesses realise their responsibility to ensure the protection of not only the consumers’ card data but also their personal data, whether the business develops these capabilities in-house or engages third parties to deliver it for them.


Like this Article?

Subscribe to receive more tips & news about Cyber Security, Compliance and a lot more!

  • Sysnet Global Solutions will use the information you provide on this form to be in touch with you regarding non-promotional as well as promotional material by email and phone. If you agree to same, then please select the ‘I consent’ box after reading the terms and conditions listed below in relation to consent. You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, update your preferences for communications, content etc. by clicking on the update my preferences button in any email we send you or by contacting us at We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms. We use Pardot as our marketing automation platform. By clicking below to submit this form, you acknowledge or agree that the information you provide will be transferred to Pardot for processing in accordance with their Privacy Policy and Terms