Payment card fraud continues to be a headache for merchants of all sizes, but small and medium-sized businesses (SMBs) find it more difficult to deal with. As the following article in the Enterprise Times reports, UK survey data shows that many SMBs are not in compliance with security standards, or just simply willing to pay the fines.
The latest survey from Sysnet Global Solutions claims that SMEs are struggling with PCI compliance and security. The survey was conducted across a number of acquiring organisations (e.g. banks), including five of the top 10 global acquirers. Between them those five acquirers account for more than 58bn transactions per year. It can be downloaded here (registration required).
The survey paints a worrying picture of compliance failure. According to the press release: “all acquirers believe small merchants are not effectively engaging with PCI programs, with many identifying the challenges small merchants face, including a lack of knowledge, a lack of urgency and a lack of time to dedicate to security and compliance.”
Gabriel Moynagh, CEO at Sysnet Global Solutions said: “We conducted this survey to put some structure on the many conversations we have had with acquiring organisations who feel they’re fighting a losing battle when it comes to getting smaller businesses secure and compliant. PCI non-compliance fees seem like a good idea to prompt smaller businesses to take action, but the real problem is that they just don’t have the knowledge, time or resources to get and maintain compliance.”
Operating a business, especially small ones, is not easy given the limited amount of resources, especially when it comes to compliance with regulations of any sort. Sometimes business owners play the percentages when juggling multiple issues and hope for the best. But it’s a mistake to slip under the payment card compliance radar since this involves real money. With fraudsters lurking around every corner seeking to capitalize on stolen card data and related identities, merchants are tricking themselves if they think that they can profitably stay in business by overlooking card security standards. May the seller beware.
Overview by Raymond Pucci, Associate Director, Research Services at Mercator Advisory Group