Report: E-Commerce Merchants Significantly More Aware of PCI Requirements, Prepared for Breach

Nov. 12, 2013

PCI compliance among small merchants—both awareness and actual validated compliance—increased markedly from 2012 to 2013, but their response to security threats still is lacking in many areas, according to a new report from ControlScan and Merchant Warehouse. Payment Security and the SMB: The Fifth Annual Survey of Level 4 Merchant PCI Compliance Trends found that, among the 70 percent of Level 4 merchants that were aware of PCI requirements, compliance grew from 50 percent last year to 70 percent in 2013. Awareness is up overall, according to Heather Foster, vice president of marketing for ControlScan, but even more so for pure e-commerce merchants.

“Over the last year or two, awareness of PCI and compliance rates had stagnated, but this year we’ve seen some progress in that area,” said Foster. “Awareness is even higher for e-commerce companies. They are accessing more technical people in order to keep up their Websites and their customers are a little nervous about putting their credit-card information online, so they’re probably more sensitive than traditional brick-and-mortar retailers.”

On a more negative note, the study found that 71 percent of merchants polled think they are at little or no risk for a data compromise, and barely more than a third have a formal incident response plan in place if a breach were to occur. Again, Foster pointed to e-commerce merchants as significantly more prepared than Level 4 merchants overall, with nearly half acknowledging they have a response plan in place.