IMGCAP(1)]
The cost of complying with the Payment Card Industry Data Security and PIN Entry Device Standards and a lack of understanding regarding requirements has caused some Level 4 merchants to resist compliance, according to observers at the Electronic Transactions Association Compliance Day event in Dallas this week. Level 4 merchants process fewer than 1 million Visa Inc. transactions annually. A primary reason some smaller merchants resist becoming compliant is they do not understand the need for it, said Deanna Rich, president of Van Nuys, Calif.-based Rich Consulting, during a presentation at the conference. Using the TJX Cos. Inc. credit and debit card data breach as an example of the costs of noncompliance does not sway Level 4 merchants because "they think they are too small to be targeted" by fraudsters, she said. Discount retailer TJX Cos. Inc. reported a data breach in January 2007 that compromised at least 89 million payment card accounts (CardLine, 10/24/07). Some Level 4 merchants also are reluctant to replace noncompliant software and hardware with updated versions that meet PCI standards, Rich said. "Merchants say 'I have something; it works,'" she said.
