EMV and PCI Discourage Fraud
In addition to considering rates, fees, and contractual terms as you look for a credit card processing company that best suits your business, you need to look for a company that is PCI compliant and offers EMV-compliant processing equipment.
Data security is a huge issue in the credit card processing industry. Although the large breaches that you read about in the news, such as those sustained by Home Depot and Target, may lead you to believe that your business is too small for criminals to be interested in, that isn't the case. In fact, small businesses are most often the preferred targets of security attacks.
According to the PCI Security Standards Council, 80 percent of cyber security attacks are aimed at small businesses. Even more grim is the success that criminals have with their small business targets. Security experts from First Data, one of the world's largest payment technology companies, estimate that 90 percent of data breaches affect small businesses. Criminals target small businesses because many small business owners fail to prioritize data security. As a result, their data often isn't as secure as that of large companies, which have the resources and personnel to put stronger security protocols in place.
Data Breaches Are Expensive
If your small business experiences a data breach and is found liable, the associated costs can be crippling. First Data estimates that on average, a breach costs a small business $36,000 and in some cases may exceed $50,000. Within six months of experiencing a data breach, 70 percent of those small businesses go out of business. Expenses include:
- Liability for fraudulent charges, which means you pay for any charges made to the customer's card after it is compromised
- Hiring independent forensic investigators to pinpoint the scope of the breach
- Notifying affected customers by mail multiple times and providing them with a year of credit monitoring services
- Paying PCI-compliance fines to the card brands and the acquiring (merchant) bank if you weren't in compliance when the breach occurred
- Paying for the cost of providing your customers with replacement cards
Other costs may include legal fees, upgrading or replacing your point-of-sale system and hiring a Qualified Security Assessor to assist you in establishing your PCI compliance.
In addition to the expenses that you incur due to a data breach, you may also lose business due to negative press and the loss of your customers' trust in your business. Also, if your customers are unable or unwilling to pay you in cash, you may lose business due to your inability to accept credit cards while the investigation is underway. If the card brands revoke your processing privileges due to the breach, you may be permanently unable to accept credit cards.
Protect Your Business from Fraud
You can take two important steps to increase security, protect data and reduce fraud. First, comply with PCI data security standards; second, upgrade to EMV-compliant processing equipment.
- PCI Security Standards. The Payment Card Industry Security Standards Council has established guidelines called the PCI Data Security Standard (PCI DSS) to help businesses of all sizes protect payment data. Most processors require you to be PCI compliant and charge both a compliance fee for their efforts in helping you achieve PCI compliance and a noncompliance fee to discourage you from putting off annual compliance requirements. PCI DSS measures have proven to be successful in discouraging attacks, as 96 percent of merchants that sustained data breaches in 2011 were not PCI DSS compliant.
- EMV. Prior to October 1, 2015, customer losses resulting from cards that were compromised, stolen or counterfeit were dealt with by either the payment processor or the issuing bank. Now the costs for these kinds of fraud fall to the least EMV-compliant party, which in many cases is the merchant due to outdated equipment. As mentioned above, data breaches can be catastrophic for a small business, which is why it's important to upgrade to EMV-compliant equipment.
Choosing a company that helps you establish your PCI compliance (or takes care of this requirement for you) and that provides EMV-compliant equipment helps you protect your business from data breaches and other types of fraud. Read articles about EMV, PCI, fraud prevention and other credit card processing topics on our website.