Given that the solution suggested by the article is to use a gateway (with a payment page, instead of forwarding CC numbers yourself), the gateways stand to make more cash, especially since some charge more for storage (which you'll need for recurring payments).
Having said that, merchants at the level 2-3 size often won't have renegotiated rates agreed with their acquirer back when the merchant was smaller - doing so can soften the impact of outsourcing capture/storage considerably (perhaps even pay for it completely).
Agree that merchants should read PCI-DSS, but smaller shops may not have the expertise/time to realise/handle the implications (do you record telephone calls from customers, for instance?). For any size of merchant, to be able to say "we're unlikely to be breached as we don't store card numbers" is a good thing indeed.
Having said that, merchants at the level 2-3 size often won't have renegotiated rates agreed with their acquirer back when the merchant was smaller - doing so can soften the impact of outsourcing capture/storage considerably (perhaps even pay for it completely).
Agree that merchants should read PCI-DSS, but smaller shops may not have the expertise/time to realise/handle the implications (do you record telephone calls from customers, for instance?). For any size of merchant, to be able to say "we're unlikely to be breached as we don't store card numbers" is a good thing indeed.