Small merchants are becoming more aware of PCI compliance requirements, according to a new study sponsored by the National Retail Federation. It's good progress, but there's a problem: Even though 86 percent of those surveyed know what PCI compliance is and 80 percent of them think it's a good thing, only 55 percent said they can demonstrate compliance.
My biggest concern is that while these merchants [who haven't been breached] are at least making progress thinking that PCI is a good thing to do, they're not thinking they're at risk. They think they're invulnerable.
Unfortunately, that's not going to change, according to NRF CIO David Hogan, until the PCI Security Standards Council makes compliance easier to understand and explains the risks of and penalties associated with a breach in stark terms. The story spells out those terms this way:
85 percent of payment card breaches happen in small businesses, 81 percent of companies hit by a breach weren't PCI compliant, and noncompliance fines range from $5,000 to $25,000 a month for serious breaches.