First Data and NRF Find Small Merchants Still Can't Spell PCI

by Mercator Advisory Group 0

Another, more grounded, survey on PCI and merchants was released by First Data and the National Retail Federation and it aims at the smaller merchant this time. Meanwhile, another (flawed) survey released by Cisco looked at larger U.S. merchants and found the happy news that their attitudes had changed about PCI. They like it because it actually works.


But for at last half of small shops – mom and pop – PCI and card number security remains a mystery. That’s partly a problem of the acquiring industry’s making. Educating customers – who largely only want reliable payments processing at the lowest cost – about security is expensive. It takes time and risks the retailer looking elsewhere for merchant services.


The findings map directly into the value proposition of First Data’s TransArmor security offering. Many such services provide, besides improved card number security, some form of coverage for data breaches. These run in the $50,000 range, enough to cover the average breach cost of the typical Level 4 merchant. As this survey shows, getting these merchants to take card number security seriously is still a challenge. As providers make security solutions easier to implement, that number will go up – particularly once merchants no longer retain card numbers for any reason.

“Only about half of the merchants surveyed are PCI compliant. I think that was the biggest takeaway from the survey”, Tim Horton, vice president of merchant product management at First Data, told Infosecurity.

The survey also found confusion among retailers regarding the liability costs in the event of credit card data breach. More than 60% of respondents did not realize that credit card companies are authorized to fine retailers a per-card fee for every card that has to be canceled if it is determined that the retailers are the source of the data breach.

“Most credit card processors are charging their merchants if they are not PCI compliant. That is a cost…There are also costs associated with data breaches”, Horton said.

Read more at the infosecurity.com site: http://www.infosecurity-us.com/view/15302/small-and-midsized-retailers-lax-on-credit-card-security-survey-finds/


The Cisco press release


PaymentsJournal’s Comments on the Cisco Survey