Smaller merchants' varying awareness of Payment Card Industry data security standards suggests a need to tailor PCI-compliance efforts, even among the smallest of merchants, ControlScan Inc. said.
The Atlanta payments security company found in a survey that 45% of companies with 10 or fewer employees said they were familiar with the PCI Data Security Standard, the primary standard that governs measures to protect sensitive cardholder data.
That percentage rises to 91% for merchants with 51 or more workers, ControlScan found.
ControlScan and Merchant Warehouse Inc., an independent sales organization in Boston, conducted the research in August. They received 628 responses to the online survey from merchants that annually process fewer than 1 million payment card transactions, which the card companies categorize as Level 4 merchants.
Despite the divergent awareness levels, 84% of respondents rated their risk of a data compromise as low or nonexistent. Fifteen percent said they were at medium risk, with just 1% confessing they saw themselves at high risk for a breach.
Eighty-four percent of respondents also said data security was a high or medium priority for them. Eleven percent said it was a low priority, and 5% said it was not a priority.
Asked whether they knew about the PCI Data Security Standard, just 16% of those respondents said they were "very" familiar with it, while 31% reported being "somewhat" familiar with it. Twenty-five percent were unsure of their knowledge of the standard, and 28% said they had no familiarity with it.