"Banks have a responsibility to communicate PCI to their merchants and third-party processes; it is up to the acquiring banks to ensure their merchants are aware and compliant."

The standard lists 12 broad controls that retailers, online merchants, data processors and other businesses must implement to protect cardholder data.

According to McKindley, there have been five breaches in the past 12 months, but no fines were issued because "the company's IT employees were innocently ignorant".

But merchants who fail to comply can face fines of up to US$500,000 or be excluded from processing credit cards.

NIIT Technologies sales director Stewart Evans said this lack of awareness by Australian banks affects the merchants' ability to become compliant.