Woolworths under-prepared for PCI deadline
Organisations that process large volumes of credit card transactions have just a month before the new Payment Card Industry standards come into force, but Woolworths is yet to fully comply with even the current regime, potentially exposing the retail giant to fines of up to A$500,000.

The current PCI standard compliance deadline for large organisations handling more than six million credit card transactions a year fell on 30 September this year, but Woolworths' group information security manager, Peter Cooper, yesterday acknowledged that the retail giant was still plugging the gaps.

Cooper told delegates at a Cebit-organised security conference that when he left the Reserve Bank to join Woolworths three years ago he identified PCI compliance as a key issue for the organisation and began a program of PCI remediation.

"We had quite a few gaps - we are filling them in now," he said.

Cooper said he presents regular reports on PCI readiness to the Woolworths board. He declined to comment on when the company might achieve full compliance.

Version 2.0 of the Payment Card Industry Data Security Standard (PCI DSS) comes into force on January 1, 2011. Until then, compliance with the current standard (version 1.2.1) is required of organisations that accept credit card payments.

This standard requires organisations to adhere to six codes and 12 requirements, including filing the results of integrity monitoring, conducting vulnerability scans each quarter and, for the largest organisations, submitting to penetration testing once a year. While the new standard is not radically different from the current one, organisations have only a few days left to prepare for the new regime.

Woolworths is notionally at risk of fines of up to A$500,000. These can be levied by credit card providers on issuing banks and are generally passed on to the offending card-processing organisations.

While Woolworths scurries to get its compliance house in order, it has issued a mandate that all new programs will be designed to be PCI compliant. It has also rolled out an internal education and compliance program called Cardsafe.

Ajay Unni, managing director of Stickman Consulting, also presented at the Cebit conference and said that his organisation had recently completed a PCI compliance program for an Australian retailer which had cost $2 million. He confirmed that he was aware of a number of instances where credit card companies had already started to issue fines after breaches of the PCI compliance code were detected.