Small merchants look primarily to their banks, acquirers and merchant service providers for information about complying with the Payment Card Industry data security standards, according to a report released last week by ControlScan Inc., the National Retail Federation and PCI Knowledge Base LLC.

The online survey of small merchants was done in July; roughly half of the 220 respondents said they handle fewer than 100,000 card payments per year.

Thirty-five percent of the merchants said they seek information from their banks about data security and compliance with PCI, which governs how companies use payment card data.

Respondents also said they consult with their equipment or payment service providers (30%), their hosting providers (29%), trade publications (25%), in-house security experts (25%) and industry consultants (24%). Respondents could choose multiple answers.

Independent sales organizations "and acquirers have the opportunity to take a leadership role" in educating merchants about data security, said Heather Foster, the vice president of marketing at ControlScan, an Atlanta card security vendor.