Most Small Merchants Still Not PCI-Compliant


Relatively few small merchants are compliant with Payment Card Industry data-security standards, and many are unaware of the standards, industry professionals generally agree.

"I would be shocked if 75% of Level 4 merchants could tell you what the acronym PCI means," says Wenlock Free, vice president of business development at SecurityMetrics Inc., a Salt Lake City-based provider of PCI security products and services. The average fee is roughly $75 to $100 annually, he estimates.

Visa Inc. defines Level 4 merchants as those that process less than 1 million Visa transactions annually. Visa estimated PCI compliance among Level 4 merchants as "moderate" as of June 30.

Not all merchants are "aware of PCI compliance," notes Jim Anderson, CEO of Electronic Commerce International Inc., a Las Vegas-based ISO. "We have had to instruct some clients to Google it."

Part of the problem is small merchants' overall lack of data-security awareness, says Doug Klotnia, general manager of the compliance division at Trustwave, a Chicago-based payment-security company. "Most don't know what data they store or don't store," he says. "There's a lack of understanding of the payment process and a lack of understanding that small merchants are being breached."

