Merchants Fret More About Brand than Security: Survey

As much as banks fret about PCI standards and compliance for digital transactions, and who pays when the rules are violated, merchants are much less worried. They are very concerned about reputational risk tied to hacking and other email crimes, however.


A new survey of electronic commerce merchants conducted by CyberSource, a unit of Visa, and Trustwave, a data security firm, found that 70 percent of respondents cited the need to "protect the brand" as the primary driver for tightening controls against hackers and other payment security risks. Only 26 percent said they were worried about avoiding fines due to noncompliance with PCI DSS standards. The PCI DSS guidelines include fines for noncompliance for acquiring banks, which are often passed on to merchants based on individual contract stipulations.

Dayna Ford, Director, Product Management at CyberSource, said by far the most damaging impact [of a breach] is to the company's brand, affecting revenue, customer loyalty, and even stock valuation. Knowledge of this phenomenon is now widespread, so it's not surprising that the survey found brand integrity to be the most important rationale for payment security investment.

Other findings of the survey included these:

• Over the next 24 months, an increasing proportion of organizations expect to remove payment data from their environment as a way of reducing security risks.

• Organizations that do not capture, transmit, or store data inside their own network tend to employ fewer personnel, validate PCI DSS compliance more quickly, and operate at a lower overall cost of payment security management.

• "Data out" merchants spend less on infrastructure: 75 percent of PCI DSS Level 1 merchants that have removed payment data from their environments spend less than $500,000 on their payment security infrastructure. Only 60 percent of those that keep data in-house can make that claim.

• In one counter-intuitive finding, respondents said they felt the threat of payment data theft from inside employees was about equal to the threat from external hackers.

