Find the best credit cards and credit card offers on the web
  CREDIT CARD HELP / CREDIT CARD ADVICE twitter facebook  

Credit Cards > Credit Card News > Credit Cards General > Smaller Merchants May Offer Less Credit Card Security
 
 

Smaller Merchants May Offer Less Credit Card Security

 
By Eva Norlyk Smith, Ph.D.
 January 16, 2010

According to a recent survey, credit card security may not be as alive and well as most consumers assume. The study surveyed 560 U.S. and multinational organizations for the degree to which they complied with the Payment Card Industry’s Data Security Standard (PCI DSS). The survey was conducted by the Ponemon Institute, a company specializing in research into privacy and information security policy.

The PCI DSS is an industry standard introduced in June 2005 by major credit card companies. It outlines the essential security measures companies must take to guard the credit card information and other customer payment data companies collected during credit card transactions.

The survey found that many smaller merchants don’t make the investment necessary to comply with PCI DSS. While almost three out of four large merchants with 75,000 or more employees complied with the standards (70 percent), only about one in four (28 percent) of smaller companies with 501 to 1,000 employees said they were compliant. Indeed, of the companies surveyed, 55 percent only secured credit card information, but not other vital personal data involved in identity theft, such as Social Security number, driver’s license numbers, or bank account details.

At the same time, the need for greater protection of credit card information was underscored by one sobering fact: 79% of respondents said they had had at least one data breach involving loss or theft of credit card information.

The main reason quoted for not complying with PCI DSS was cost. Three in five of the companies in the survey said they lacked the resources to comply with PCI DSS; this was less of an issue for larger companies. On average, the companies surveyed said they spent about 35 percent of their IT security budgets on PCI DSS compliance.

Unlike security protection for individual computers, PCI DSS doesn’t involve the use of specific security software, but instead prescribes basic security practices, such as using a firewall, SSL (Secure Sockets Layers) and some type of antivirus software. Astonishingly, one in ten of the companies in the survey that said they were PCI DSS compliant, at the same time reported that they were not using antivirus, firewalls and SSL security software.

Credit card companies demand compliance from the merchants accepting credit cards, and the expectation was that most merchants would be compliant at this point, four years after the introduction of the standards. The PCI DSS standard is currently under review, and industry professionals, concerned about the growing threat of credit card fraud, are sure to modify the standards to make them easier to meet for both large and small companies.

As a consumer, should you be worried that merchants may not be as compliant with recommended security measures as previously assumed? Well, yes and no. Credit cardholders are not held liable for any fraudulent use of credit cards, that tab is picked up by the credit card companies and/or merchants involved.

At the same time, however, the results of the survey underscore the need for cardholders to be ever-vigilant and study their statements in detail each month to make sure it contains no unauthorized charges.


share digg facebook stubmleupon reddit delicious twitter
 
     

 
 

VIEW RELATED STORIES

2009 Continues Trend of Record Credit Card Security Breaches - In 2008, data security breaches reached record levels, increasing by 47% from 2007 to 2008, according to the non-profit organization Identity Theft Resource Center. With a total of 310 security breaches reported by July this year, 2009 cybercrime attacks so far are keeping up with last year’s record data breaches. In addition, 2009 has the dubious distinction of being the year of the largest-ever data security breach with cybercriminals in one instance making away with more than 100 million credit card numbers and other personal information.

Credit Card Security – Are One-Time Credit Card Numbers Next? - Identity theft is a growing trend worldwide. Millions of people each year have their personal data, bank account information, or credit card numbers stolen, and it sometimes takes months before the theft is discovered.

8 Ways to Increase Online Credit Card Security - Despite rising security efforts, internet credit card fraud remains a leading threat. According to experts, the cost of cyber crime to the global economy may soon reach $1 trillion in losses – and the cost to the U.S. alone is estimated at nearly $8 billion.

ALL CREDIT CARD HELP & ADVICE ARCHIVES >>

  
     

 
 

Comments are closed.

  
     


                 
Credit Card Categories     Subscribe   About   Cards by Country
Best Credit Card Offers With
Online Applications
0% APR Balance Transfer
Cash Back Cards
Low Interest Cards
Airline Miles & Travel Reward
Credit Cards
Business Credit Cards
 		Gas Rebate Credit Cards
Car Rebate Credit Cards
Instant Approval Cards
Establish Credit, Credit Cards
Student Credit Cards
Prepaid Cards
Rss Feeds RSS Feeds
Twitter Twitter
Facebook Facebook
Bookmark Bookmark Us
About Us
Contact Us
Editorial Team
Media Relations
Privacy
Terms of Use
Site Map
Canada Canadian Cards
UK U.K. Credit Cards
Australia Australian Cards
Belgium Belgium Cards
Norway Norwegian Cards

Disclaimer:* See the online application for more information about the terms and conditions for these credit card offers. Every sound attempt has been made to preserve precise information. However all credit card information is presented without guarantee. After clicking on the offer you desire you will be taken to the credit card issuer's web site where you can review the terms and conditions for your selected offer.


Copyright © CreditCardGuide.com, a Bankrate, Inc. property 2010. All Rights Reserved