SMB Merchants VERY Aware of Payment Security Importance

ControlScan and Merchant Warehouse have released the results of their fifth annual survey of Level 4 merchants' awareness, sentiment and progress toward securing cardholder data in compliance with payment card industry (PCI) standards.

Comprised primarily of small and mid-sized businesses (SMBs), the Level 4 merchant group represents 98 percent of all U.S. retailers. The report, "Payment Security and the SMB: The Fifth Annual Survey of Level 4 Merchant PCI Compliance Trends," reveals that as a group these merchants are making progress, but that key concerns definitely remain.

"Nearly three-quarters of survey respondents believe complying with PCI standards improves the security of their business, and that's encouraging," said Joan Herbig, CEO of ControlScan. "As a whole, though, these merchants are showing a lack of corresponding activity for prevention and detection. In addition, they are not prepared should a data breach occur."

Insights from the study include:

  • 43 percent are personally responsible for information security in their organization, while 35% say no one is assigned the responsibility
  • 51 percent do not require their third-party service providers to achieve and maintain PCI compliance
  • Only 36 percent have developed an incident response plan (IRP) for their business

"SMB merchants have a distinct need when it comes to payment security and compliance," said Henry Helgeson, CEO, Merchant Warehouse. "Very few have the time or resources to think through what it takes to better their security posture, and most don't even realize the significant risk their business faces. It's up to us as their MSP to give them a cost-effective, simplified way to succeed in this regard."