There is a large gap between how small merchants and mid- to large-sized businesses approach data security and PCI compliance, according to a survey conducted by PCI security services firm ControlScan and payment processing solutions outfit Merchant Warehouse.
According to the survey, 48 percent of merchants surveyed with 10 or fewer employees -- also known as micro-merchants -- reported they were either "unsure" of or "not at all familiar" with the Payment Card Industry Data Security Standard.
In contrast, 77 percent of level 4 merchants, which are defined as those that employ 51 or more employees, confirmed they are "very" or "somewhat" familiar with the PCI DSS, with 79 percent considering data security a high priority and 82 percent considering PCI compliance mandatory.
"For many smaller merchants, PCI compliance is not something they are aware of," said Heather Foster, VP of marketing for ControlScan. She said many small merchants are, rightfully, most concerned with running their business and, when it comes to PCI compliance, have the mentality that "somebody else should be worrying about this."
Foster added that while more level 4 merchants have embraced the importance of PCI compliance since ControlScan and Merchant Warehouse began the survey three years ago, "the level of awareness for level 4 merchants is still not as high as we would like."
The key to getting a business owner, regardless of what size company they are running, to realize the importance of PCI compliance is more proactive education from banks on the subject, she said.
"Some banks will just send out a statement message to their merchant partners and that's it," she said. "However, other banks are doing much more elaborate education on the PCI compliance process, and that is something they should be doing to protect themselves and their customers. Many merchants think PCI compliance is a one-time event and then they're done, but there is a lot of ongoing education that has to take place."