Are you PCI compliant? That is to say, have you ever been bitten by a coral snake?
This deadly, brightly colored serpent resides in this country from North Carolina down to Florida and Texas. It has the second most potent venom besides the black mamba.
I have lived in Florida for years but have never seen or been bitten by a reclusive coral snake. If my dog got bitten by one tomorrow, it could die from paralysis relatively quickly.
Similarly, my business takes credit cards. I have never had a data breach. If I had one tomorrow, chances are it could put me out of business.
PCI Compliance: Insurance Against a Data Breach
You may be a QuickBooks, Stripe or Square user. You hear the term “PCI compliance” and groan. It is technical and confusing.
When someone asks whether you are PCI compliant, you remember your mom telling you to eat your vegetables and your accountant chiding you to log business trip miles in your car.
PCI compliance doesn’t have to be a headache. In this post, I explain what it is and why you need to pay attention.
What is PCI Compliance?
PCI compliance is one strategy that financial institutions use to keep private customer information safe. The Payment Card Industry Data Security Standard (PCI DSS) is a set of criteria created to reduce credit card fraud. In 2006, Visa, MasterCard, Discover, and AMEX established the PCI Security Standards Council, modeling the standard on security best practices from around the world.
Any business or company that processes, stores, or transmits credit card information is required to comply with PCI standards. It is a vital part of business security and a necessary cost of doing business.
PCI Compliance … Whatev’s
I return to the coral snake analogy. As a long-time Floridian, I’ve never seen one — what’s the big deal?
Well, if your business gets bitten by a coral snake and suffers a data breach, you could be hit with penalties ranging from $5,000 to $100,000 or more by Visa, MasterCard, Discover or American Express.
The average cost of a card breach is $150 PER RECORD.
Uh, I’m Listening …
Imagine a couple scenarios.
Say your employee writes a full credit card number on a piece of paper to complete a transaction later. If that scrap of paper later lets someone else access that card number, your business gets fined.
Say you receive credit card info via text or email. If your email or phone gets compromised and those card numbers get accessed later, you could be fined for every single card number.
Going Out of Business Isn’t Hyperbole
A recent National Cyber Security Alliance report found that of 1,008 small businesses with up to 500 employees, 10% went out of business after a data breach, 25% filed for bankruptcy and 37% experienced financial pain.
From these respondents, 28% experienced a data breach in the last year with 11% of these victims being from micro-sized companies with 10 or fewer employees.
Does Poor Credit Card Handling Have You Snake Bitten?
I could spin numbers and scary hypotheticals forever, but you get the point — handle credit card information safely.
Remember, roughly 7,000-8,000 Americans are bitten each year by a venomous snake. Odds are it won’t be you, but still proceed cautiously.
Are You PCI Compliant?
PCI compliance consists of 12 basic requirements over six categories that protect cardholder data against fraud, hacks, data breaches, and malware.
- Build and Maintain a Secure Network and Systems by installing and maintaining a firewall to protect cardholder data, and by changing any default passwords and security parameters.
- Protect Cardholder Data with encryption across open, public networks.
- Maintain a Vulnerability Management Program by using secure systems and applications, including regularly updated anti-virus software.
- Implement Strong Access Control Measures by restricting employee access to cardholder data and assigning a unique ID to each person with computer access.
- Regularly Monitor and Test Networks by tracking all access to network resources and cardholder data, and regularly testing security systems and processes.
- Maintain an Information Security Policy for employees and contractors.
These industry standards protect credit card issuers and those who process those payments by keeping customer information safe. All businesses, regardless of size, are required to comply with PCI standards by completing an annual Self-Assessment Questionnaire and/or passing a quarterly PCI Security Scan.
EPP Simplifies PCI Compliance
Businesses and financial institutions have a responsibility to their customers to protect their private information. For smaller business owners, a payment processor can help simplify PCI compliance.
Financial services like these make it easier to accept secure credit and debit card transactions while maintaining security through easy-to-follow steps.
When a business commits to keeping vulnerable information out of the hands of those who would do harm with it, they minimize the likelihood of a data breach. This transparency and accountability only build trust with potential customers, securing the healthy future of a business.
Your payment processor might also nick you on your monthly statement with a “noncompliance” fee. Essentially, they are charging you anywhere from $10-250 per month for not being PCI compliant.
After a year of these fees, you could be leaving serious money — some $200 to $1,800 — on the table.
PCI Compliance may be a nuisance. If not taken seriously, it could threaten the financial security of your business. You can avoid noncompliance fees and protect your business from large fines if you are breached.
How?
By completing a PCI compliance survey with your payment processor. If they don’t enable this or the process is complicated, tap here for a free consultation with Ethical Pay Pro, a credit card processing consultant. We simplify PCI compliance.