UK e-tailers don't understand PCI DSS - survey
02 June 2009
Around 60% of UK online retailers do not know whether they are in compliance with the Payment Card Industry Data Security Standard (PCI DSS), according to a survey from Sage Pay.
Around two thirds of the 1000 SMEs polled by the security vendor say payment fraud remains one of the most daunting elements of running an online business.
In addition, only a small proportion of respondents could demonstrate a clear understanding of the financial risks and implications associated with conducting business online.
Only 39% of retailers questioned actually understand the definition of PCI DSS compliance, while 65% do not believe that they are personally responsible for covering the implications of payments fraud committed on their site.
Yet despite this, three quarters say they will invest to grow their online businesses this year.
Simon Black, MD, Sage Pay, says: "Payment fraud poses a significant threat to online retailers in the UK. Online retailers have become adept at driving traffic to their Web sites but there is still a significant knowledge gap when it comes to understanding and implementing payment security."
Black says firms should improve their awareness of PCI DSS, which "has significantly reduced the impact of credit card payment fraud within the UK".
However, the system has come in for criticism recently, particularly in the wake of the Heartland Payment Systems and RBS WorldPay data breaches.
At the time of the breaches, both companies had received PCI DSS certification, but this proved of little value, as firms need only be in line with the rules at the time of their assessment.