Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:35 AM
Connect Directly

PCI Compliance Still an Issue Among Small Merchants, Survey Says

A report issued by two security services vendors finds that there is a gap between how small- and medium-sized businesses approach PCI standards.

There is a large gap between how small merchants and mid- to large-sized business approach data security and PCI compliance, according to a survey conducted by PCI security services firm ControlScan and payment processing solutions outfit Merchant Warehouse.

According to the survey, 48 percent of merchants surveyed with 10 or fewer employees -- also known as micro-merchants -- reported they were either "unsure" of or "not at all familiar" with the Payment Card Industry Data Security Standard.

In contrast, 77 percent of level 4 merchants, which are defined as those that employ 51 or more employees, confirmed they are "very" or "somewhat" familiar with the PCI DSS, with 79 percent considering data security a high priority and 82 percent considering PCI compliance mandatory.

"For many smaller merchants, PCI compliance is not something they are aware of," said Heather Foster, VP of marketing for ControlScan. She said many small merchants are, rightfully, most concerned with running their business and when it comes to PCI compliance have the mentality that "somebody else should be worrying about this."

Foster added that while more level 4 merchants have embraced the importance of PCI compliance since ControlScan and Merchant Warehouse began the survey three years ago, "the level of awareness for level 4 merchants is still not as high as we would like."

The key to getting a business owner, regardless of what size company they are running, to realize the importance of PCI compliance is more proactive education from banks on the subject, she said.

"Some banks will just send out a statement message to their merchant partners and that's it," she said. "However, other banks are doing much more elaborate education on the PCI compliance process, and that is something they should be doing to protect themselves and their customers. Many merchants think PCI compliance is a one-time event and then they're done, but there is a lot of ongoing education that has to take place."

Bryan Yurcan is associate editor for Bank Systems and Technology. He has worked in various editorial capacities for newspapers and magazines for the past 8 years. After beginning his career as a municipal and courts reporter for daily newspapers in upstate New York, Bryan has ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.