Report: E-Commerce Merchants Outperforming Brick-and-Mortar in PCI Compliance 

Nov. 5, 2012 

Small merchants continue to show a significant disregard for the Payment Card Industry Data Security Standard (PCI DSS), though e-commerce retailers are more diligent about complying with the standard than brick-and mortar merchants, according to a new report from PCI compliance firm ControlScan and merchant services provider Merchant Warehouse. The fourth annual survey of PCI Level 4 merchants found that overall, only 50 percent have actually validated their PCI compliance. Meanwhile, 70 percent of e-commerce merchants reported compliance with the PCI standard. 

“Just under half of this year’s respondents indicated they are unaware of the PCI DSS,” said Joan Herbig, CEO of Atlanta-based ControlScan. “That finding, combined with the fact that 79 percent of respondents think their business has little-to-no risk of breach, indicates a serious disconnect between Level 4 merchants and the ISOs and acquiring banks serving them.” 

Other findings in A Tale of Two Merchants: The Fourth Annual Survey of Level 4 Merchant PCI Compliance Trends include that 47 percent of respondents are “unsure” or “not at all” familiar with the PCI DSS.