The PCI Security Standards Council has called on merchants to support its push for stronger password controls.
"Small merchants are prime targets for data thieves. It's your job to protect cardholder data at the point of sale," it warns businesses.
"If cardholder data is stolen - and it's your fault - you could incur fines, penalties, even termination of the right to accept payment cards."
In order to avoid this, firms must provide proper password controls and systems, and back the plan by standing up as leaders in the Passwords for Purchases programme.
"Hacking easily guessed or weak passwords on payment systems is one of the leading methods criminals use to steal valuable credit and debit card information from small businesses today," said Bob Russo, general manager at the PCI SSC.
"Yet, the majority of these companies don't even know there's a password on these systems, let alone where to find it or how to change it.
"Payment security is a shared responsibility. We need everyone to help educate the small business, and that's the main driver behind the Passwords for Purchases initiative."
Passwords and their protection have been big news this year, and firms including eBay, Target and others have admitted to, and dealt with, problems.
The PCI SSC will be looking to spare other companies this trouble and wants to recruit 50 password ambassadors for an advice coalition that will come into being in July.
The PCI SSC urges merchants to insist that users have passwords that are seven digits long and include a mix of letters and numbers.
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
'Notorious' Australian child hacker thought he had executed 'flawless' hack
The former employee says that Tesla fired him for bringing the accusations to management internally