Payments

10:35 AM
Connect Directly
Facebook
Twitter
Google+
RSS
E-Mail
50%
50%

PCI Compliance Still an Issue Among Small Merchants, Survey Says

A report issued by two security services vendors finds that there is a gap between how small- and medium-sized businesses approach PCI standards.

There is a large gap between how small merchants and mid- to large-sized business approach data security and PCI compliance, according to a survey conducted by PCI security services firm ControlScan and payment processing solutions outfit Merchant Warehouse.

According to the survey, 48 percent of merchants surveyed with 10 or fewer employees -- also known as micro-merchants -- reported they were either "unsure" of or "not at all familiar" with the Payment Card Industry Data Security Standard.

In contrast, 77 percent of level 4 merchants, which are defined as those that employ 51 or more employees, confirmed they are "very" or "somewhat" familiar with the PCI DSS, with 79 percent considering data security a high priority and 82 percent considering PCI compliance mandatory.

"For many smaller merchants, PCI compliance is not something they are aware of," said Heather Foster, VP of marketing for ControlScan. She said many small merchants are, rightfully, most concerned with running their business and when it comes to PCI compliance have the mentality that "somebody else should be worrying about this."

Foster added that while more level 4 merchants have embraced the importance of PCI compliance since ControlScan and Merchant Warehouse began the survey three years ago, "the level of awareness for level 4 merchants is still not as high as we would like."

The key to getting a business owner, regardless of what size company they are running, to realize the importance of PCI compliance is more proactive education from banks on the subject, she said.

"Some banks will just send out a statement message to their merchant partners and that's it," she said. "However, other banks are doing much more elaborate education on the PCI compliance process, and that is something they should be doing to protect themselves and their customers. Many merchants think PCI compliance is a one-time event and then they're done, but there is a lot of ongoing education that has to take place."

Bryan Yurcan is associate editor for Bank Systems and Technology. He has worked in various editorial capacities for newspapers and magazines for the past 8 years. After beginning his career as a municipal and courts reporter for daily newspapers in upstate New York, Bryan has ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology - August 2014
Modern core systems are emerging as the foundations of effective channel integration and customer engagement initiatives.
Slideshows
Video