According to the survey conducted by First Data Corp and National Retail Federation, at least 50% of the small and mid-sized retailers had completed the PCI DSS (Payment Card Industry Data Security Standard) self assessment.
At least 42% of the respondents in the survey were unaware of the procedure that credit card payments were obliged to annual self-assessments, and 66% of the respondents stated that they were aware of PCI DSS.
Around 651 small and mid-sized merchants were part of the survey.The rest of them had only around $500,000 in sales annually.Out of those surveyed only half the merchants were PCI compliant and that seemed to be the most shocking news, according to Tim Horton, Vice President, from First Data.
There was also considerable amount of confusion amongst the retailers with regard to the liability costs in case there was a data breach with the credit cards.Each card carries a per-card fee when it is canceled and the credit card companies could fine most retailers if it is established that the source of the credit card breach was the retailer.
While the merchants are charged for not being PCI compliant by most card issuers, there are also charges on merchants when there is data breach on the card, stated Horton.
As per the survey done by the Ponemon Institute, the cost of data breaches on an average is around $6.7 million for a merchant, and the cost per customer record that is breached is estimated around $204.This could be really damaging for small and mid-sized merchants as it could cost them tens of thousands of dollars and that could easily put them out of business, stated Horton.
Rob McMillon, from RSA’s merchant services, states that most small businesses feel overwhelmed and burdened while securing card data and most of these small businesses are unaware of the responsibilities that come along with taking care of the card data.They in fact, are clueless as to where to begin when it comes to protecting their valuable customers as well as themselves from data breaches.
RSA and First Data have developed a product called TransArmor and this is a process that is called tokenization.The PCI Security Standards Council is currently developing the guidance for this technology.