The News Journal – Sixty-three percent of consumers believe merchants are the “weak link” when it comes to data security, a November report by Pleasanton, Calif.-based research firm Javelin Strategy & Research found. But complying with PCI’s security standards is costly for merchants, Javelin said. Depending on the size of the company and the payment system it uses, the price tag for technology upgrades, audits and maintenance could range from several thousand dollars to seven figures. “Merchants are feeling overburdened by this,” says the report’s co-author, Bruce Cundiff. “They’re really the ones who are feeling the pressure from Visa and MasterCard.”

Merchants agree that something should be done, but beefing up security at the retail level is not the best answer, they say.

“All of us—merchants, banks, credit card companies and our customers—want to eliminate credit card fraud,” the National Retail Federation’s Chief Information Officer David Hogan wrote to the PCI SSC in October. “But if the goal is to make credit card data less vulnerable, the ultimate solution is to stop requiring merchants to store card data in the first place … it makes more sense for credit card companies to protect their credit card data from thieves by keeping it in relatively few secure locations than to expect millions of merchants scattered across the nation to lock up their data for them.”

Eighty-one percent of merchants store credit card numbers and 73 percent store credit card expiration data, a recent study by Forrester Consulting on behalf of security company RSA found.

A Delaware company thinks it has found a solution: skip over the merchant entirely, never allowing retail stores to collect the card data, much less store it.

“At the end of the day, if you don’t have the cardholder numbers, you’re in no danger of exposing them if you’re compromised,” says Jason J. Gwynn, vice president of sales at a Wilmington-based payment processing company, Electronic Payment Exchange (EPX). Read Full Article