One would think that with all the information, news and concern related to PCI and security, we would have an adequate way to inform and educate merchants about the need to be compliant. However, according to a recent First Data Corp and National Retail Federation survey of small businesses (less than $100k annually), it seems that PCI DSS compliance is important and known about, but there remains a lack of action on the part of the merchant.
Here are some of the statistics pulled directly from the survey:
- 64% of the merchants who KNOW about PCI DSS don’t believe their business is vulnerable
- 60% of surveyed merchants are unaware of the costs they incur due to a breach of cardholder data
- 66% of surveyed merchants are aware of PCI DSS requirements, yet only 49% completed the self-assessment questionnaire
- Of those merchants claiming to be aware of PCI DSS requirements, 42% were unaware of the ongoing self-assessment obligation.
In my mind these numbers beg the questions: How do we reduce the gap between knowledge and action? What should we as an industry be doing to help these smaller merchants take action on their desire to protect their customers’ information?
There is a ton of great information out there about PCI DSS: what it is, what it means to merchants, and even how to become and stay PCI compliant. But with the number of small merchants 1) thinking they are not vulnerable and 2) not being made aware of the very real dangers and costs associated with a breach of cardholder information, some action on our part needs to be taken.
Now, while the actual responsibility of being PCI compliant remains on the merchant, I believe that it is our job and responsibility as providers of a service to assist those who we work with and for. By helping them succeed and avoid potential pitfalls, we are actually helping our business by making sure they stick around for the long haul and we provide them with an exceptional level of service.
I don’t know how we solve this problem… but I’m sure you each have ideas on how we can, so I’m all ears.