A Thing
The Green SheetGreen Sheet

The Green Sheet Online Edition

December 12, 2011 • Issue 11:12:01

Research Rundown

Complacency an obstacle to PCI compliance

Since the inception of the Payment Card Industry (PCI) Data Security Standard (DSS) in 30%4, PCI compliance has been a gradual process for most merchants and acquirers, starting with Level 1 and 2 merchants and wending down to Level 4 merchants. To gain a snapshot view of current trends and attitudes toward PCI compliance, ControlScan and Merchant Warehouse conducted a survey of nearly 620 Level 4 merchants and released its findings in A 'Perfect Storm' of Complacency: The Third Annual Survey of Level 4 Merchant PCI Compliance Trends.

"When you look at general PCI compliance awareness, we found some increase versus last year, but only about 6 percent more of the respondents had some awareness of PCI compliance," said Heather Foster, Vice President of Marketing for ControlScan. "For the folks who have some awareness of PCI compliance, 57 percent claim that they have validated, which is 10 percentage points more than last year."

Foster said more Level 4 merchants who have become aware of the PCI DSS are now taking action. However, she saw striking differences between micro-merchants with one to 10 employees and Level 4 merchants with 51 or more employees. Survey percentages for micro-merchants were "much lower than the larger Level 4 merchants in their responses to all the questions," she said.

Foster believes that to help guide Level 4 merchants, ISOs and merchant level salespeople should be prepared to educate merchants early in the boarding process. "Level 4 merchants represent 98 to 99 percent of all merchants, but they are not a one-size-fits-all group," she said. Instead, she suggests general communications to build awareness, followed by tactical strategies that address specific merchant needs.

"Because most of these merchants, in fact 83 percent of them, think that they have little to no risk of data compromise, sharing real-life examples will help educate them that these instances do happen," Foster said. "It's a regular, sustained approach on education that's important, because PCI is not the main focus of their business."

Markiyan Malko, PCI Security Compliance Officer and Program Manager for Merchant Warehouse, said, "The other piece is that you actually need to provide them with a program where you can help them become PCI compliant. Most of the Level 4 merchants, especially if they're doing the harder SAQ D, probably 95 percent of them, can't do it alone. They actually need outside help from somebody."

Survey highlights

Following are summary findings from A 'Perfect Storm' of Complacency: The Third Annual Survey of Level 4 Merchant PCI Compliance Trends:

    Percentage of respondents familiar with PCI DSS:
    Yes, very 19 percent
    Yes, somewhat34 percent
    Unsure 22 percent
    Not at all25 percent
    Reasons given for not completing PCI compliance process:
    Don't understand63 respondents
    Still working on it54 respondents
    Don't have the resources48 respondents
    Don't care; it's too hard17 respondents
    Top three contacts for data security, PCI compliance:
    Merchant bank39 percent
    POS/payment application vendor32 percent
    Hosting provider19 percent
    Don't care; it's too hard17 respondents
    Percentage who view security as a high/medium priority:
    Respondents with 51+ employees97 percent
    E-commerce respondents94 percent
    Hosting provider19 percent
    All Level 4 respondents83 percent
    Perceived level of risk for data compromise to respondent businesses:
    Low risk74 percent
    Medium risk16 percent
    No risk9 percent
    High risk1 percent
    Percentage of respondents who've validated PCI compliance:
    Yes57 percent
    Unsure23 percent
    No20 percent

ETA/TSG report on U.S. economy

A joint report on the U.S. economy was released by The Strawhecker Group and the Electronic Transactions Association in November 2011. U.S. Economic Indicators Q3 2011Report provides a detailed analysis of economic data compiled from government reporting services and other reputable sources.

The current edition contains 26 pages of graphs and analyses of leading macroeconomic indicators, including gross domestic product, consumer spending and wages, and small business optimism; microeconomic indicators segmented by geographic region and retail sector; and an in-depth analysis of payment indicators based on data collected from leading credit and debit card brands and alternative payment providers.

Four leading industry trends

The report identified the following industry trends:

  • The payments industry is shielded against economic volatility
  • Electronic payments still have significant growth opportunity
  • Merchant portfolios have seen dollar volume attrition decline during the recovery period
  • Merchant portfolios have seen net revenue attrition increase during the recovery period

As an indicator of the payments industry's resiliency during periods of economic volatility, the report details how bankcard volumes as a share of total consumer spending have grown at a compound annual growth rate of 24 percent since 1991, and were up 7 percent for the third quarter of 2011. Bankcard volumes, at 30 percent of the $1.15 trillion in nondurable goods spending, are projected to capture a greater share of the $805 billion in non-card-based payments moving forward, the report stated.

TSG's proprietary Merchant Portfolio Performance Study, which represents data collected from 840,000 merchant accounts, showed that year-over-year merchant dollar volume increased 16 percent in the second quarter of 2011, with ending net revenue up 10 percent over the same period.

To download a free copy of the ETA/TSG report, visit

Cyber attack trends

Distributed denial of service protection service Prolexic Technologies issued a quarterly report on emerging cyber attack trends and threats.

For information about this report, please visit www.prolexic.com/attackreports

Cyber attack trends and threats

"Payments are a means to an end, and consumers have shown they will adopt if the offer meets their needs. We saw this in the rapid take-up of Square Register leading on to similar initiatives announced recently by AT&T with Intuit. Mobile as a point of sale, allowing the consumer to accept payments, fills a critical need as more people go solo."

- Charmaine Oak, Practice Lead, Digital Money, Shift Thought
Source: Mobile Financial Services in USA - a rebirth for NFC?

Check, please

Results of a nationwide survey by Wincor Nixdorf Inc. indicate over 90 percent of Americans still write checks regularly. The monthly stats for check writers: 56.5 write one to five checks each month; 21.4 percent, six to 10; 8.4 percent, 10 to 15; and 5.3 percent more than 15 checks per month

Digital wallet up for grabs

A 56-page Impact Report from Aite Group LLC, Digital Wallet: Who Will Win the Game?, provides an overview of key stakeholders in the digital-wallet race, assesses challenges in the marketplace and evaluates strategies being deployed by individual players to win a slice of the proximity payments pie. According to report author Rick Oglesby, "The playing field is set for a major battle, and traditional payments powers appear to be at a disadvantage."

Mobile demystified

Aberdeen Group's benchmark report, Mobile and Tablet Shopping Demystified: Adoption and the ROI Business Case, discusses unique, customer-centric strategies for retailers seeking to engage customers through mobile smart phone and tablet device initiatives. Top drivers for adoption of mobile shopping include external pressures from consumer expectations, 47 percent, followed by a surge in device adoption rates, at 38 percent of those surveyed. For a copy of the report, visit http://aberdeen.com/aberdeen-library/7077/ra-mobile-retail-shopping.aspx.

end of article

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

Prev Next

Current Issue

View Archives
View Flipbook

Table of Contents

Selling Prepaid
Company Profile
New Products
A Thing