Is your business PCI compliant or complacent? While it’s true that data breaches happen regularly to larger businesses, the impact on SMBs can be worse than you’d think. Worse yet, a business could be suffering a data breach and not even know it.
Small Businesses and Security
Basically, if your business accepts credit cards it should be PCI Compliant. True, SMBs don’t have the same amount of capital as their larger counterparts. Yet, the impact of a data breach can have large implications. Trustwave reports that SMBs make up 90% of the data breaches that impact businesses. Malicious hackers specifically target SMBs. More likely than not, it’s because SMBs are more likely to have weaker security measures in place.
Credit card theft costs small businesses big time. at least $20,000. According to Verizon’s 2015 PCI Compliance Report, 69% of customers would not conduct business with a company that’s been subject to a data breach. To make matters worse, small businesses aren’t even aware that data has been stolen until it’s too late.
Usually, when a credit institution sees a rising trend in breaches they trace it back to a single source and notify the proper authorities. More to the point, running a PR campaign and ramping up security is business as usual for larger business chains. Unfortunately, should a small business be subject to a data breach, it would be subject to a security audit. If an SMB was subject to a breach, and it was discovered they weren’t following PCI Compliance regulations, they could be fined up to $50,000.
What is PCI DSS?
PCI DSS is an acronym for Payment Card Industry Data Security Standard. The purpose, to provide the rules and regulations that keep card data safe from breaches. These rules and regulations were put together by five major card brands, Visa, MasterCard, Discover, American Express, and JCB. Together, they form the PCI Security Standards Council.
What’s The Worse That Could Happen?
Maintaining PCI compliance is vital for the survival of all merchants who process card payments. First and foremost is the financial penalties that can be accrued. Fines levied by banks and credit card institutions can range as high as $500,000. This is because banks will impose fines based on their need to forensic research. may fine based on forensic research they must perform to remediate noncompliance.
If a company was the subject of a breach, and did not maintain PCI compliance, credit card companies may levy fines. Furthermore, they may not allow a company to use their cards to accept payments.
Worse of all, studies have shown that 65% of customers are unlikely to do business with a company that experienced a security breach. This is because the customers must now check their banks or credit card companies to be sure that they weren’t affected. This can be a huge issue with regards to trust. Losing the trust of your customers can be quite costly.
12 PRIMARY REQUIREMENTS OF PCI DATA SECURITY STANDARDS
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a security policy and ensure that all personnel are aware of it.
IVR Technology built our phone payment solution, PayIT, with data security in mind. PayIT allows convenient payments, without compromising security. Our mobile payment solution is PCI Level 1 Compliant. More specifically, this is the highest level of security compliance that a service provider can receive.
Latest posts by Ashley (see all)
- IVR Technology Group Makes Inc. 5000 List - August 16, 2017
- Prestophone: The Next Generation Business Communications Platform - August 8, 2017
- Argyle Technology Merges With IVR Technology Group - August 8, 2017
- How Is Call Tracking Valuable To Facebook Advertisers? - August 4, 2017
- Should You Make the Switch to a Hosted PBX Solution? - August 4, 2017