Merchants: Know Your Level of Security
When merchants contract with a payment processor, they are given the tools they need to make it all work. That can include Point of Sale terminals, PIN pads, software, and what ever else they need. The merchant may know that he’s supposed to be PCI compliant although, according to an article in
QSR Magazine.com, a whopping 61% don’t. Chances are, the merchant will take it for granted that the payment processor will take care of PCI/DSS. After all, the merchant didn’t write the software, provide the hardware, or program the terminal - the processor did.
That line of thinking can get the merchant in big trouble. In a January 2007 case, Abanco International LLC, (a payment processor) was fined $27,000 by Visa and MasterCard for noncompliance. They passed the fine on to the restaurant that was the common point in some compromised accounts.
The lesson
Merchants should never assume that their systems are secure. You need to know what’s required by PCI and question your payment processor to make sure you are. Then verify everything, because the chances are that the processor isn’t going to tell you if they aren’tcompliant - you might go elsewhere.
How many merchants?
It’s impossible to say how many merchants are compliant. I suspect that most are not. According to Visa, a full 99% of their merchants are small mom & pop operations. Those businesses represent about 70% of the membership at Merchant911. Most of these folks don’t know what’s expected of them, how to accomplish it, or how to remain compliant if they do. And you can bet that if something goes wrong and the payment processor can pin the problem on the merchant they are going to do just that. And it could put the merchant out of business.
