ControlScan and Merchant Warehouse have jointly released the results of their survey of Level 4 merchants’ awareness, sentiment and progress toward securing cardholder data in compliance with PCI standards.
The Level 4 merchant group represents 98% of all U.S. retailers, is primarily comprised of SMBs, and numbers in the millions. The research report reveals that as a group these merchants are making progress, yet key concerns remain.
“Nearly three-quarters of survey respondents believe complying with PCI standards improves the security of their business, and that’s encouraging,” said Joan Herbig, CEO of ControlScan. “As a whole, though, these merchants are showing a lack of corresponding activity for prevention and detection. In addition, they are not prepared should a data breach occur.”
A total of 615 Level 4 merchants responded to the 2013 survey, providing many critical insights for independent sales organizations (ISOs), acquirers and other merchant service providers (MSPs), including:
- 43% are personally responsible for information security in their organization, while 35% say no one is assigned the responsibility;
- 51% do not require their third-party service providers to achieve and maintain PCI compliance; and
- Only 36% have developed an incident response plan (IRP) for their business.
“SMB merchants have a distinct need when it comes to payment security and compliance,” said Henry Helgeson, CEO, Merchant Warehouse. “Very few have the time or resources to think through what it takes to better their security posture, and most don’t even realize the significant risk their business faces. It’s up to us as their MSP to give them a cost-effective, simplified way to succeed in this regard.”