Of the seven stages of grief, the most remembered is denial. It’s certainly remembered by small merchants, who often bizarrely gravitate to denial when they are told that they have been breached. At least that’s how Chris Geron, chairman of the MAC Government Relations Committee, sees it.
The justifications for this denial are many, Geron said in this week’s PaymentFacilitator.com podcast, a re-run from May 25. Some cling to the absurd belief that being granted a letter of PCI compliance means “that it’s not possible to be breached,” Geron said.
Other small merchants react negatively to a notification from a cardbrand, bank or processor. “Small retailers often believe that if the information has not been shared with them by law enforcement, that the allegation of a breach is not true,” Geron said. And some smaller store chains believe that only large chains get breached, he said, despite the fact that the opposite is true.
But the most likely reality-denying aspect is financial. Specifically, the merchants know that they can’t afford to pay for post-breach investigations or cleanup so they simply choose to deny that a breach happened.
Please give a listen to the full discussion, as it only runs 6 min., 14 sec. That’s not much time to better understand the realities of small merchants who deny reality.