PCI Free Blog

Risk Assessment Priorities Out of Whack for Level 4 Merchants

If you read the PCI Free Blog regularly, you might by now be familiar with my constant caterwauling about my frustration that merchants are still not taking PCI compliance seriously. It has been over 3 years since the PCI DSS (Payment Card Industry Data Security Standard) was officially released and made mandatory. It grew out of Visa's already existing (but not universally required) CISP, or Cardholder Information Security Program, which Visa had been running since 2001. If you process credit cards and you're not PCI compliant by now, my feeling is that you're either deliberately foolhardy or, possibly more confounding, somehow ignorant of the very real and hazardous risks you face on a daily basis.
I came across an interesting article among the industry publications I keep abreast of, pertaining to the skewed view small business owners seem to have with regard to data security and the everyday inherent risks associated with merchant processing. These common attitudes may lend some insight as to why small business owners still view PCI compliance with skepticism. Last November a major PSP (privacy seal provider) completed and published its third yearly survey of trends among Level 4 merchants. The survey was conducted in partnership with an established PSE (payment settlement entity) and comprised 621 Level 4 merchant responses.
It seems my personal malicious feelings toward those still refusing to be compliant were unfounded. The survey identified three root factors thought to contribute to a generally lackadaisical attitude toward PCI compliance. First, the risk of financial loss does not seem to be a large motivating factor for merchants to actively adhere to the PCI DSS. Second, while only a minority of Level 4 merchants, a still sizable number of small business owners out there seem to think that meeting the goals of PCI compliance does nothing to enhance their data security. Third, and most discouragingly, there has been little increase in understanding of PCI compliance among Level 4 merchants.
There are no two ways about it: if you're not PCI compliant, you are putting your customers and your business at risk. A judge will tell you that ignorance of the law is not a defense. Ignorance of PCI could cost you, big time. Don't ignore it any longer! See our home page to find out how to become PCI compliant for free!

This entry was posted in PCI Compliance, PCI DSS and PA-DSS, Sensitive Data Storage.