The Level 4 merchant group represents 98% of all U.S. retailers, is primarily comprised of SMBs, and numbers in the millions. The research report reveals that as a group these merchants are making progress, yet key concerns remain.
“Nearly three-quarters of survey respondents believe complying with PCI standards improves the security of their business, and that’s encouraging,” said Joan Herbig, CEO of ControlScan. “As a whole, though, these merchants are showing a lack of corresponding activity for prevention and detection. In addition, they are not prepared should a data breach occur.”
A total of 615 Level 4 merchants responded to the 2013 survey, providing many critical insights for independent sales organizations (ISOs), acquirers and other merchant service providers (MSPs), including:
- 43% are personally responsible for information security in their organization, while 35% say no one is assigned the responsibility;
- 51% do not require their third-party service providers to achieve and maintain PCI compliance; and
- Only 36% have developed an incident response plan (IRP) for their business.