Diversity Reigns: The Second Annual Industry Survey of Level 4 Merchant PCI Compliance Trends
When it comes to PCI compliance, the payment card industry classifies millions of small merchants into a single group based on transaction volume (‘Level 4’ as defined by Visa). While this categorization stands as an effective way for the payment brands and acquirers to classify merchants and enforce Payment Card Industry Data Security Standard (PCI DSS) compliance, size definitely matters in the way that small- to mid-sized merchants approach PCI compliance. This conclusion is just one of the major findings from a survey of nearly 630 Level 4 merchants conducted in August 2010 by ControlScan and Merchant Warehouse.
According to the survey, the size of the Level 4 merchant drives how they perceive data security and the steps they take to protect sensitive information. The study suggests, the smaller the merchant, the less familiar they are with PCI compliance. As a result, ISOs and acquirers need to do away with a ‘one size fits all’ strategy for educating their merchants on PCI DSS and tailor their approach to targeted merchants’ needs.
Additional topics include:
- How awareness of PCI DSS and the diversity amongst Level 4 merchants impacted responses to the survey
- Merchant perception of the risks associated with data breaches and common misconceptions
- Recommendations on how ISOs and acquirers can tailor their approach to PCI DSS merchant education
The findings are based on survey responses representing all types of ecommerce, retail store and mail order/telephone order (MOTO) merchants.