Many merchants don’t spend too much time thinking about compliance under PCI-DSS requirements. This is unfortunate because merchants themselves can be liable for credit card data breaches related to their equipment or employees. Aside from the risk of being financially liable for fraud-related card issues, the reputation damage from a data breach can put a company out of business. If a news story shames a merchant for data theft, customers will choose to have their cards swiped at shops that seem safer.
How big of a problem is the lack of PCI compliance? A study by the US Secret Service showed that 96% of the data breaches involving merchants involved non-compliance with PCI-DSS regulations at the time of data theft. According to Visa, 95% of data breaches hit small business customers. While breaches involving large companies may make headlines, the theft of even a few card numbers can be a nightmare for small businesses, who may have to foot the cost of an investigation, replacement cards, and other costs associated with a breach. In extreme cases, a business might even lose its ability to process credit cards.
The good news is that many processors offer PCI-DSS Self Assessment tools and software designed to find weak points in your payment process and network that could be exploited by hackers and dishonest employees. One of these tools is a Self-Assessment Questionnaire that can be used to discover common items that should be fixed. In some cases, a few simple changes can make you less vulnerable to hackers and theft. Because each questionnaire will vary depending upon your setup and equipment, you should ask your processor for the most relevant questionnaire for your business.
Smaller businesses are often targeted by hackers because they have far fewer safeguards than larger enterprises. Even so, it is more critical for a small company to prevent data breaches and theft, because the costs associated with a data breach may be enough to kill the business. Wherever possible, usernames and passwords should be secure, while access to transaction data should be severely limited. Capital Processing Network works with customers to ensure that their terminals and systems are PCI-DSS compliant. If you are a small business owner, or have any stake in a company that processes credit cards, you owe it to yourself to take a PCI-DSS self-assessment and thwart data thieves before they have the opportunity to strike.