Contact Information: Press Contacts: ControlScan: Heather Varian Foster 404-414-2913 NRF: Kathy Grannis 202-783-7971 PCI Knowledge Base: David Taylor 214-295-4996 Link to white paper: https://www.controlscan.com/whitepapers/merchant_study_2009.php
Research Finds PCI DSS Awareness High Among Small Merchants, Lack of Understanding Remains Huge Hurdle
Guidance a Must to Help Small Merchants Understand and Achieve PCI DSS Compliance
| Quelle: ControlScan
ATLANTA, GA--(Marketwire - August 10, 2009) - Though small merchants are aware of Payment
Card Industry Data Security Standards (PCI DSS), they feel frustrated and
bewildered with the complex requirements, according to a survey of small
merchants by ControlScan, the National Retail Federation, and the PCI Knowledge Base.
According to the survey of 220 small merchants, 86 percent of companies
feel "somewhat" or "very familiar" with PCI DSS. They also understand the
importance of security, with 88 percent of them listing data security as a
"high" or "medium" priority. While the fact that small merchants both
understand the importance of data security and are aware of PCI DSS
standards is encouraging, respondents expressed frustration with
understanding, implementing and paying for compliance.
"A year ago, there was little to no awareness of PCI compliance among small
merchants," said David Taylor, founder, the PCI Knowledge Base. "Now the
picture has changed, probably because many organizations, such as acquirers
and independent sales organizations (ISOs), are now making validation of
compliance mandatory and in some cases, imposing monthly fines for
merchants that fail to prove they are PCI compliant."
Small merchants who have never been breached may have an unrealistic
expectation of their security. According to the survey, 72 percent of small
retailers believe the risk their company faces from a data compromise is
"low" or "not possible," though merchants who have been breached tell a
different story. Sixty-seven percent of previously breached respondents
considered the risk from a data compromise to be "high" or "medium," and,
as a result, typically spend more to help secure their businesses.
"Small merchants often do not understand the severe consequences of a data
breach and are understandably overwhelmed with the intricacies of becoming
compliant in the first place," said NRF Chief Information Officer David
Hogan. "Until industry service providers and the PCI Security Standards
Council make compliance easier to understand and less complex to implement,
many small merchants will likely continue to be frustrated and bewildered,
causing some of them to abandon the idea of compliance altogether."
Because the process is confusing, Level 4 merchants are seeking clarity and
want to be educated about data security. According to the survey
respondents, small merchants first look to their acquirers and then to
vendors of point-of-sale software, payment equipment and hosting as their
"go to" resources for PCI compliance and security information.
"These organizations are uniquely positioned to embrace their de facto
'first responder' role in the PCI education arena," said Heather Varian
Foster, vice president, marketing, ControlScan. "By assisting small
merchants to become PCI compliant and providing them with
easy-to-understand information, they will likely become more valuable
partners to their merchants and distinguish themselves in the market
place."
To access a copy of the study findings, please click on the following link:
https://www.controlscan.com/whitepapers/merchant_study_2009.php
About the Survey
The survey was completed in July 2009 by 220 Level 4 merchants who
represent a mix of ecommerce, retail stores and mail order/telephone order
businesses.
ControlScan is the leading provider of Payment Card Industry (PCI)
compliance and security solutions designed exclusively for small- to
medium-sized merchants. ControlScan provides easy-to-use Web-based security
solutions and a personal level of service that make it easy and
cost-effective for these businesses to analyze, remediate and validate
compliance. ControlScan is the solution of choice for small merchants and
acquirers because it offers security solutions that are built specifically
with the small merchant in mind, a personal level of service and the best
results. Acquirers and other merchant service providers rely on ControlScan
to manage PCI compliance programs for their entire merchant portfolios to
ensure maximum compliance rates. For more information about ControlScan
call 1-800-825-3301 or visit www.controlscan.com.
The PCI Knowledge Base is the largest independent research community
focused on the security of payment and related financial and personal data.
The PCI Knowledge Base's registered membership includes over 2,900 persons
who are focused on PCI, including retailers, hoteliers, academics, bankers,
payment processors, PCI assessors (QSAs), providers of payment systems and
security technologists. The company's panel of over 85 PCI Experts shares
their knowledge and experience through its proprietary research database as
well as through discussion forums and via our PCI Experts Blog. For more
information call 214-295-4996 or visit www.pciknowledgebase.com.
The National Retail Federation is the world's largest retail trade
association, with membership that comprises all retail formats and channels
of distribution including department, specialty, discount, catalog,
Internet, independent stores, chain restaurants, drug stores and grocery
stores as well as the industry's key trading partners of retail goods and
services. NRF represents an industry with more than 1.6 million U.S. retail
establishments, more than 24 million employees -- about one in five
American workers -- and 2006 sales of $4.7 trillion. As the industry
umbrella group, NRF also represents more than 100 state, national and
international retail associations. www.nrf.com.
Link to white paper:
https://www.controlscan.com/whitepapers/merchant_study_2009.php