A recent survey of Level 4 merchants reveals small businesses’ perceptions and attitudes surrounding the Payment Card Industry Data Security Standard. The study, sponsored by Boston-based Independent Sales Organization Merchant Warehouse and PCI-approved scanning vendor ControlScan, finds that “more than half (53%) [of small merchants] are not familiar with PCI, or are unsure whether they are. And just half understand that PCI compliance is mandatory,” according to industry pub Digital Transactions. No word on the margin of error.
“The survey results are “definitely a little concerning but not shocking,” says Markiyan Malko, compliance officer and program manager at Merchant Warehouse. “Most of them are worried about running their business rather than security. They don’t seem to be that worried about it.” He points out, though, that as Level 1, 2, and 3 merchants become harder to breach, hackers are increasingly targeting the smallest and most vulnerable merchants.
Both Merchant Warehouse and ControlScan see an opportunity for acquirers and ISOs to educate small merchants about PCI and the risk of data breaches. But they caution that the approach must be a careful one. Acquirers must be mindful of differences among businesses and of their need for concrete help. “The worst thing an ISO can do is charge a PCI fee and not do anything beyond that,” says Heather Foster, vice president of marketing at ControlScan.”
Original Article: http://www.digitaltransactions.net/newsstory.cfm?newsid=2683
