First Data, NRF Release Small Business Data Security Study

Small retailers are aware of data security and fraud prevention strategies but unclear on potential liabilities following a breach or noncompliance.

January 13, 2011

NEW YORK - Earlier this week, the National Retail Federation and First Data Corporation released results from a joint study of data security and fraud prevention strategies practiced at small to mid-sized retailers, those whose annual sales are typically less than $100,000.

The results reveal that a majority of respondents (86%) are intent on securing their customers' credit card data and appreciate the value of card data security. However, nearly two-thirds (64%) said their business is not vulnerable to credit/debit card data theft and 60% said they were unaware of potential liability they would incur in the event of a breach.

"This data is not surprising as small retailers don't have the resources to keep up with PCI mandates, let alone respond to them," said Gray Taylor, executive director of PCATS and payments consultant to NACS. "What is scary is that most of the respondents of this survey have simple, less-vulnerable stand alone terminals. Our industry is much more sophisticated, with the average store having more than 20 lanes accepting cards."

Other key findings in the report include:

• Two-thirds (66%) of respondents claimed awareness of the Payment Card Industry Data Security Standard (PCI DSS), of which 49% have completed a self-assessment

  • 42% did not know that merchants are obligated to conduct a self-assessment
  • 41% were unaware of recent changes in regulations
  • 60% said they were unaware that credit card companies could fine their business a per-card fee in the event of a data breach.

The underwhelming numbers underscore the value of PCATS' efforts at making PCI compliance achievable for all merchants.

"This is why the Data Security Committee of PCATS focused on easing the complexity of data security early on in 2010, and convinced PCI to allow most of our stores to comply at a much simpler level by implementing a few changes in the store network," Taylor said. "We have had retailers tell us that the savings of this one initiative could save the industry $90 million in compliance costs."

More than 4% of respondents said they had been victims of data security fraud, which extrapolates to roughly one million small businesses impacted nationwide.

"Our survey results illustrate that smaller retailers take protection of their customers' sensitive payment card data very seriously and continue to add more layers of security to their business operations," said Mark Herrington, senior vice president of Global Product Management and Innovation, First Data. "The finding we found most intriguing was the confusion around the potential liabilities in the event of a data breach. We're confident that continued education in the payments industry will raise awareness of the importance of annual self-assessments and the right mix of data security and fraud prevention tools."

Find out more about PCI compliance and how NACS products - EZ PCI and TurboPCI - can help you navigate the complicated process of becoming compliant.
