Given the internet data breach culture we’ve been indoctrinated into over the past few years, I need not tell you that PCI compliance is a hot issue in the world of credit card processing.
Yes, PCI compliance: it’s that thing that keeps showing up on your monthly merchant account statement that thing you keep getting billed for, regardless of whether you’re compliant or noncompliant.
To some business owners, that’s just what PCI compliance is, and, thankfully, that’s all it will ever be: a monthly fee akin to auto insurance, another thing you probably (think you) don’t need. As a business owner, should you really be concerned about a data breach of any size affecting your company?
As of late, all signs point to yes. Worldwide data breaches are down from two years ago, but as more and more credit card processing (and business in general) takes place online, hackers see the online channel as a viable way to profit. And, while PCI noncompliance is just one cause of data breaches, business owners would do well to take care of non-compliance, as it’s usually extremely easy to correct.
This isn’t meant to be a scaremongering piece; rather, it’s a wake-up call to businesses that have put PCI compliance on the back burner or, worse yet, didn’t put it on the burner at all.
Related Article: Peace Out, Paper: A Cashless Society Is on the Horizon
What is PCI compliance, anyway?
Essentially, PCI compliance is data security related to credit card information: Keeping your customers’ sensitive payment data stored securely, if you choose to store it or have it stored at all.
There are some aspects of PCI compliance that you can control, such as choosing not to write down a patron’s card number to input in your system later (since paper trails, even shredded ones, increase your liability). And, there are some aspects you can’t control directly, such as using a credit card processing program that stores credit card information on your own server in an unprotected way (and, as silly as that sounds, programs like that do exist).
Is there a bull’s-eye on your back?
Despite what you might hear, small businesses are prime targets for hackers. A report by Century Business Solutions shows that an incredible 70% of all reported data breaches occur in small businesses, much different than the story one might get just skimming headlines. Compared to the behemoths that made the news in 2013 and ’14, small businesses are just that; small.
Data breaches and losses incurred by those companies might not even translate to blips on the collective radar, but they sure affect the owners of the businesses.
Breaches related to noncompliance can be fatal
Not to you as a person, of course. But, to your business, absolutely. A report by the National Cyber Security Alliance stated that if hackers successfully breach a small business’ data, business has a 60% chance of closing its doors in the following six months.
When paired with the aforementioned statistic that 70% of reported data breaches happen in small businesses, it’s not exactly a death knell for those kinds of businesses, but, it’s close.
Hackers in the 21st century are more sophisticated than ever, and they’re aware small business owners don’t think they’re visible enough to be targeted. It just happens that they’re also too small to be seen after they’re taken down, so no one ever hears their stories.
Related Article: The Decline of Cash: 3 Electronic Payment Solutions for SMBs
Don’t let it happen to you.
Now that you know about the negative, you’ll be happy to know it’s relatively easy to protect yourself from hackers and other ne’er-do-wells in pursuit of your credit card data. Completely irrespective of data breaches brought on by hackers, it’s easy for anybody to flatten out a crumpled piece of paper with someone’s credit card information written on it.
This may not even qualify as a data breach in the eyes of some, but you’ll be held liable for its consequences all the same if it’s found you engage the practice of writing down anyone’s credit card numbers. Just resist the urge to do it, and, if your business procedures have required you to do so in the past, it may be time to look into improved procedures.
Furthermore, if you use a credit card processing solution on your own server that you know is not PCI compliant, that is, it stores full credit card numbers without any sort of encryption built in, then it may be time to look into a different processing solution for your system.
Cloud-based systems, for one, take the important step of removing all customer data from your own server so, encrypted or not, you are never held liable for a credit card information breach. And, if you aren’t sure about the status of your own credit card processing solution (or its location, whether on your sever or in the cloud), it doesn’t hurt to ask your credit card processor, or check the web for reviews of the product related to PCI compliance.
So, what does PCI compliance mean to businesses? Probably more than you thought before; in fact, the livelihood of some small businesses absolutely depends on it. Make it a point to ensure your own business is PCI compliant to avoid any potential repercussions later, and take solace in the notion your customers’ credit card data is safe. Because as a small business owner, you have enough other things to worry about than getting shut down because of a very preventable data breach.