About two years ago, I had a conversation with a family member about his Stone Age practice of using cash and checks for almost every purchase. He admitted to owning just one credit card and no ATM or debit card, and he didn’t even know about online banking.
I poked fun at him. I couldn’t imagine how he could live with the inconvenience of carrying cash and a checkbook, using them to cover every purchase he makes. I joked about the Information Age passing him by.
Now I’m thinking he might have the last laugh.
The more I learn about computer security (or lack of it), the more nervous I become about our society’s increasing dependence on information rather than cash as legal tender. By information I mean the type of data typically embedded in the magnetic strip on the back of a credit or debit card, or the data of a bank or payment account. Today it’s possible to buy virtually anything without handling real money.
Lately I’ve been thinking about how often and where I use my debit card. I pull it out for almost every in-person purchase, including the small ones for just a few dollars. At the gas station, the grocery store, the hobby shop, the dry cleaner, the stop-n-rob convenience store. It’s just so easy, so convenient, to swipe my card, type my PIN and be on my way.
Having just concluded research on PCI compliance, I’m now acutely aware of how many companies that accept payment cards have data security violations. Many small retailers (like the ones mentioned above) aren’t even aware of PCI DSS, much less compliant with it. With every swipe of my card, I’m putting my financial well-being at risk, because I don’t know precisely how the data is used, stored or transmitted.
The PCI Data Security Standard was adopted to protect businesses and their customers from data loss that could lead to theft by fraud. There are four levels of the standard that apply to retailers based on the number of payment transactions they process each year. The lowest (least stringent) level of the standard is reserved for the small volume retailers.
According to Gartner and Digital Transactions News, there are more than 6 million North American retailers in this category – far more than in all other merchant levels combined. Only about 19% of these retailers meet the PCI standard for data security. Put another way, about 80% of the time, the small merchant in your neighborhood is playing Russian roulette with your financial information.