IMGCAP(1)]
Small merchants primarily look to their banks, acquirers and merchant-service providers for information on compliance with industry data-security regulations, according to a small-merchant study released last week by ControlScan Inc., the National Retail Federation and the PCI Knowledge Base LLC. They conducted the online merchant survey in July, and roughly half of the 220 merchant respondents process less than 100,000 card transactions annually. Most merchant respondents, 35%, consult with their merchant banks to learn about data security and compliance with the Payment Card Industry Data Security Standard, according to the report "What Small Merchants Know (and Don't Know) about PCI Compliance." Many respondents also consult with their equipment or payment-service providers (30%), their hosting providers (29%), industry publications (25%), in-house security experts (25%) and industry consultants (24%). Respondents could choose multiple answers. "ISOs and acquirers have the opportunity to take a leadership role" in educating merchants about data security, says Heather Foster, ControlScan vice president of marketing.
