Via PCIDSS blog we hear that "99% of Level 1 Merchants and 92% of Level 2 Merchants have met compliance or have submitted an approved remediation program."
Is this cool or what?
I bet it is an "or what" :-)
Others say "more than a year after the TJX breach first came to light, only 30 percent of retailers are PCI compliant, according to Sophos’ 2008 Internet Security Report. "
What's the story here? Some numbers are for Visa 'Level 1s' only while others are for all merchants (all levels?), but this is still too big a difference...