Skip navigation

PCI Requirements Bewilder Small Retailers: Survey

Though small retailers are aware of Payment Card Industry Data Security Standards (PCI DSS), they feel frustrated and bewildered with the complex requirements, according to a survey of small retailers by ControlScan, the National Retail Federation, and PCI Knowledge Base.

LA JOLLA, Calif. — Though small retailers are aware of Payment Card Industry Data Security Standards (PCI DSS), they feel frustrated and bewildered with the complex requirements, according to a survey of small retailers by ControlScan, the National Retail Federation, and PCI Knowledge Base.

The research was released today in conjunction with NRFtech, NRF’s IT Leadership Summit here.

According to the survey, 72% of small retailers believe the risk their company faces from a data compromise is “low” or “not possible.” However, 67% of previously breached respondents considered the risk from a data compromise to be “high” or “medium,” and, as a result, typically spend more to help secure their businesses.

“Small merchants often do not understand the severe consequences of a data breach and are understandably overwhelmed with the intricacies of becoming compliant in the first place,” said NRF Chief Information Officer David Hogan. “Until industry service providers and the PCI Security Standards Council make compliance easier to understand and less complex to implement, many small merchants will likely continue to be frustrated and bewildered, causing some of them to abandon the idea of compliance altogether.”

Merchants surveyed included ecommerce, retail store and mail order/telephone order operators.

Read More of Today's Headlines