For Immediate Release
NRF: Kathy Grannis (202) 783-7971 or grannisk@nrf.com
ControlScan: Heather Varian Foster (678) 279-2644 or hfoster@controlscan.com
PCI Knowledge Base: David Taylor (214) 295-4996 or david.taylor@knowpci.com
Research Finds PCI DSS Awareness High Among Small Retailers, Lack of Understanding Remains Huge Hurdle
-- NRF Says PCI Council Should Make Compliance Less Cumbersome --
La Jolla, CA, August 10, 2009—Though small retailers are aware of Payment Card Industry Data Security Standards (PCI DSS), they feel frustrated and bewildered with the complex requirements, according to a survey of small retailers by ControlScan, the National Retail Federation, and the PCI Knowledge Base. The research was released in conjunction with NRFtech, NRF’s IT Leadership Summit, in La Jolla, CA.
According to the survey of 220 small retailers, 86 percent of companies feel “somewhat” or “very familiar” with PCI DSS. They also understand the importance of security, with 88 percent of them listing data security as a “high” or “medium” priority. While the fact that small retailers both understand the importance of data security and are aware of PCI DSS standards is encouraging, respondents expressed frustration with understanding, implementing and paying for compliance.
“A year ago, there was little to no awareness of PCI compliance among small merchants,” said David Taylor, founder, the PCI Knowledge Base. “Now the picture has changed, probably because many organizations, such as acquirers and independent sales organizations (ISOs), are now making validation of compliance mandatory and in some cases, imposing monthly fines for merchants that fail to prove they are PCI compliant.”
Small merchants who have never been breached may have an unrealistic expectation of their security. According to the survey, 72 percent of small retailers believe the risk their company faces from a data compromise is “low” or “not possible,” though merchants who have been breached tell a different story: 67 percent of previously breached respondents considered the risk from a data compromise to be “high” or “medium,” and, as a result, typically spend more to help secure their businesses.
“Small merchants often do not understand the severe consequences of a data breach and are understandably overwhelmed with the intricacies of becoming compliant in the first place,” said NRF Chief Information Officer David Hogan. “Until industry service providers and the PCI Security Standards Council make compliance easier to understand and less complex to implement, many small merchants will likely continue to be frustrated and bewildered, causing some of them to abandon the idea of compliance altogether.”
Because the process is confusing, Level 4 merchants are seeking clarity and want to be educated about data security. According to the survey respondents, retailers first look to their acquirers and then to vendors of point-of-sale software, payment equipment and hosting as their “go to” resources for PCI compliance and security information.
“These organizations are uniquely positioned to embrace their de facto ‘first responder’ role in the PCI education arena,” said Heather Varian Foster, vice president, marketing, ControlScan. “By assisting small merchants to become PCI compliant and providing them with easy-to-understand information, they will likely become more valuable partners to their merchants and distinguish themselves in the marketplace.”
About the Survey
The survey was completed in July 2009 by 220 Level 4 merchants who represent a mix of ecommerce, retail stores and mail order/telephone order businesses.
ControlScan is the leading provider of Payment Card Industry (PCI) compliance and security solutions designed exclusively for small- to medium-sized merchants. ControlScan provides easy-to-use Web-based security solutions and a personal level of service that make it easy and cost-effective for these businesses to analyze, remediate and validate compliance. ControlScan is the solution of choice for small merchants and acquirers because it offers security solutions that are built specifically with the small merchant in mind, a personal level of service and the best results. Acquirers and other merchant service providers rely on ControlScan to manage PCI compliance programs for their entire merchant portfolios to ensure maximum compliance rates. www.controlscan.com
The PCI Knowledge Base is the largest independent research community focused on the security of payment and related financial and personal data. The PCI Knowledge Base’s registered membership includes over 2,900 persons who are focused on PCI, including retailers, hoteliers, academics, bankers, payment processors, PCI assessors (QSAs), providers of payment systems and security technologists. The company’s panel of over 85 PCI Experts shares their knowledge and experience through its proprietary research database as well as through discussion forums and via our PCI Experts Blog. www.pciknowledgebase.com
The National Retail Federation is the world's largest retail trade association, with membership that comprises all retail formats and channels of distribution including department, specialty, discount, catalog, Internet, independent stores, chain restaurants, drug stores and grocery stores as well as the industry's key trading partners of retail goods and services. NRF represents an industry with more than 1.6 million U.S. retail establishments, more than 24 million employees - about one in five American workers - and 2006 sales of $4.7 trillion. As the industry umbrella group, NRF also represents more than 100 state, national and international retail associations. www.nrf.com