How can issuers and acquirers help smaller merchants improve payment card security? One way is to dramatically ramp up their efforts to educate the retailers about PCI compliance, says Michel Christodoulides, Barclaycard's vice president of payment security.
"Small merchants probably suffer most, in many ways, from the payment security breaches," Christodoulides says in an interview with Information Security Media Group conducted at the PCI Security Standards Council's North American Community meeting last month in Las Vegas. "Small merchants are experts in whatever their business is. ... But we shouldn't expect our small merchants to be experts in cybersecurity, information security and the technical language that takes place behind the scenes."
In July, the PCI Council released a compliance resource for small merchants (see Can Banks Help Small Merchants with PCI?).
As an acquirer, Barclaycard, part of the retail and business banking division at London-based Barclays, is now pushing that guidance out to its customers and encouraging other banks to do the same, Christodoulides says. "What we are doing is enabling the small merchant to take advantage of industrywide expertise that's contained within the [PCI Council's Small Merchant] Task Force," he says.
The goal is to help small merchants ensure that they are adequately mitigating their risk of being breached, he adds.
"Let's not be too complacent about this," Christodoulides says. "The criminal is not concerned about which part of the world you're in. The criminal is looking for the easy pickings. And if we can enable our small merchants to make the right decisions by using the guidance that has been published, then that will protect and contribute toward protecting the small merchants."
During this interview (see audio player below photo), Christodoulides also discusses:
The role of the PCI Council's Small Merchant Task Force; How Barclaycard is promoting the new small merchant guidance to is merchant customers; and Why small merchants outside the U.S. need to be more educated about emerging payments risks.Christodoulides represents Barclaycard as a member of the PCI Security Standards Council's board of advisers. He is co-chair of the council's Small Merchant Task Force and is a PCI internal security assessor. At Barclaycard, he focuses on mitigating risks that threaten payment card security.