As the PCI Data Security Standards work to better protect large retailers, cyber criminals are turning their attention to smaller merchants, which tend to be less PCI compliant, according to an industry expert.
Jen Mack, Verizon's director of global PCI consulting services, recently said Level 3 and 4 merchants are now being targeted for theft of credit card data. Level 3 merchants process 20,000 or more transactions annually, while Level 4 merchants process fewer than 20,000.
"Massive amounts of data are at these merchants, and they clearly don't have the same level of security as larger retailers do," she said.
Among her recommendations, Mack advises small businesses to outsource all parts of the card transaction process to a payment processor. This will better help them deal with the mountain of data.
Plans for educating small merchants and a compliance push by the PCI Security Standards Council include an educational website for Level 3 and 4 businesses. The site will launch around the same time the final draft of the new PCI compliance standards is released at the end of this month.