IMGCAP(1)]
Though many small merchants are familiar with the Payment Card Industry Data Security Standard, many also experience frustration complying and have little concern about data risk, suggest the results of a small-merchant study released Monday by the National Retail Federation, ControlScan Inc. and the PCI Knowledge Base. Roughly one-half of the 220 merchant respondents to the July survey process less than 100,000 card transactions annually. Most merchants, 86%, are "very" to "somewhat" familiar with the PCI standard, according to the report "What Small Merchants Know (and Don't Know) About PCI Compliance." However, only 62% of respondents are validated as PCI-compliant. Of the 29% who are not yet compliant with the standard, 44% are working to become compliant, 26% do not have the financial or technical resources to become compliant, and 19% do not understand the standard, according to the report. Nine percent of respondent are unsure if they have been validated as PCI compliant. Additionally, most respondents, 65%, believe their businesses most likely will never suffer a data breach. Twenty-six percent feel a reasonable chance of a breach exists, and 7% believe a breach is not possible. Only 2% believe a breach is imminent. Many merchants "do not find themselves vulnerable [to data breaches], which is shocking," says Heather Foster, ControlScan vice president of marketing.
