Often pooled into a one-size-fits-all label, smaller merchants have diverse views and awareness of Payment Card Industry data-security standards, the results of a recent survey suggest.
In the survey, 45% of respondents with 10 or fewer employees said they were familiar with the PCI Data Security Standard, the primary standard that governs measures to protect sensitive cardholder data. That percentage increases to 91% for merchants employing 51 or more workers, according to ControlScan Inc., an Atlanta-based payments-security firm.
ControlScan and Merchant Warehouse Inc., a Boston-based independent sales organization, conducted the research in August. They received 628 responses to the online survey from merchants that annually process fewer than 1 million payment card transactions, also known as Level 4 merchants.
Despite the divergent awareness levels, 84% of respondents rated their risk of a data compromise to be low or nonexistent. Fifteen percent cited a medium risk, with just 1% confessing they saw themselves at high risk for a breach.
Moreover, 84% of respondents also said data security was a high or medium priority for them. Eleven percent said it was a low priority, and 5% said it was not a priority.
Asked whether they knew about the PCI Data Security Standard, just 16% of those respondents said they were “very” familiar with it, while 31% reported being “somewhat” familiar with the standard.
Twenty-five percent were unsure whether they knew about the standard, and 28% said they had no familiarity with it.
This fragmentation suggests a need to tailor PCI-compliance efforts, even among the smallest of merchants, ControlScan says.
What do you think about this? Send us your feedback.
