Small merchants are prime targets for data thieves. It is your job to protect cardholder data at the point of sale and everywhere else it passes through your business, and PCI compliance is the minimum bar for doing that.
Are you PCI compliant? If you are not sure, or you do not know what that means, you could be held responsible if cardholder data is stolen from your business or website. The card brands can levy fines through your acquiring bank (figures of $5,000 to $100,000 per month are commonly cited), the bank passes them on to you, and repeated or unresolved non-compliance can end with your right to accept payment cards being terminated.
PCI is short for Payment Card Industry. The PCI Security Standards Council (PCI SSC), founded by American Express, Discover, JCB, MasterCard and Visa, is not a government regulator but an industry body; its rules are enforced contractually through the card brands and your acquiring bank. The Council maintains the Payment Card Industry Data Security Standard (PCI DSS), the minimum set of requirements for every merchant (including you!) that stores, processes or transmits cardholder data.
According to the PCI Security Standards Council:
More than 340 million computer records containing sensitive personal information have been involved in security breaches in the U.S. since 2005. Now criminals are shifting their sights to small merchants because many have lax security for cardholder data. More than 80% of attacks target small merchants.
If you aren’t compliant with the PCI DSS, it could mean a tough road ahead for your business. Some of the costs and fallout for non-compliance could include:
- Fines and penalties
- Termination of ability to accept payment cards
- Lost customer confidence, with customers taking their business to other merchants and sales falling
- The cost of reissuing the compromised payment cards, which the card brands can pass back to you
- Legal costs, settlements and judgments
- Fraud losses
- Higher subsequent costs of compliance
- Going out of business
How do you get PCI compliant?
The main goal of the PCI DSS is to protect cardholder data wherever it exists in your place of business or on your business's networks, websites or servers. That means the primary account number (PAN), expiration date and cardholder name, and above all the sensitive authentication data: the card verification code (CVV2, CVC2, CID), full magnetic-stripe or chip data, and PINs. Sensitive authentication data may never be stored after a transaction is authorized, not even encrypted; the PAN may be stored only if it is rendered unreadable (for example by strong encryption, truncation or tokenization) and is masked to no more than the first six and last four digits when displayed. Some of the ways you may be exposed include: a tampered or swapped card reader; receipts or order forms with full card numbers sitting in a filing cabinet; card data accumulating in a payment-system database or in log files; a hidden camera recording PIN entry; and a covert tap on your store's wireless or wired network, including an open or weakly secured Wi-Fi network that shares a segment with the register.
The simplest way to reduce your risk, and the scope of what you have to secure, is to not store or handle cardholder data yourself at all: a hosted payment page or tokenization service from your processor, or a validated point-to-point encryption (P2PE) terminal, keeps card numbers off your systems. Easier said than done. You could use one of PCI's Self-Assessment Questionnaires (SAQs) and address the issue yourself; the questionnaire you qualify for depends on how you accept cards (for instance, SAQ A for e-commerce that is fully outsourced to a validated processor, SAQ B for standalone dial-out terminals, SAQ D for merchants that store cardholder data electronically), and your acquiring bank decides which validation it will accept. But figuring out whether or not you covered all your bases, and which systems are actually in scope, could prove difficult. And as far as PCI is concerned there is no gray area: every applicable requirement is either met or it is not.
The most rock-solid way to ensure your business is brought into compliance quickly and thoroughly is to hire a network security expert like OAC Technology from Minneapolis to examine how cardholder data moves through your business, shrink that footprint where possible, and bring what remains up to the PCI DSS requirements.