Recent news stories have been filled with reports of high profile merchant data breaches and compromises of cardholder and personal information. Trustwave’s 2016 Global Security Report indicated that during 2015, nearly every industry, country and type of data was involved in a breach of some kind, and cyber security threats are increasing as quickly as businesses can implement measures against them.
You may think what’s going on with these attacks is far removed from your business—that it is too small to be of interest to cyber thieves. This kind of thinking can promote a false sense of security, but by taking steps to prevent a breach you can help preserve the integrity and viability of your business.
Why PCI Compliance is not a guarantee of security
By now, every merchant that accepts credit and debit cards knows (or should know) about the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is an industry information security standard, created by the leading card brands, that governs the processing, storage and transmission of cardholder data in order to protect that data and reduce fraud. All merchants, however small, are required to comply or risk losing the ability to accept many brands of payment cards.
Undertaking and passing an assessment or audit is a mandatory requirement, and it validates that your business is following industry best practices to protect itself against a data breach. Failure to do so will result in non-compliance fines being levied by your merchant acquirer or card processor, and because compliance is mandated by the card brands, your acquirer may also revoke your ability to accept card payments.
PCI DSS compliance is not a guarantee of payment data security, especially as threats grow ever more sophisticated. It does, however, provide a good indicator of how well-protected your business is from a potential data breach, and it allows you to continue accepting card payments. Adherence to the recommended security guidelines is an ongoing process designed to minimise your risk of a data breach, but you must also take proactive steps to ensure this protection is robust.
A breach is costly in many ways
For a retailer of any size, a data breach is costly in many ways. The most obvious losses are financial in nature. The cost of a data breach, even for a small merchant, can run into thousands of dollars. If your business were to suffer a breach, your actual cost would be determined by factors such as:
- Notification of customers
- Credit monitoring for affected customers
- Mandatory forensic examinations
- Card replacement costs
- PCI compliance fines
- Liability for fraud charges
Your reputation is at stake
The direct costs outlined above are just the start; the ensuing loss of reputation and loss of customer trust can be quite damaging as well.
There are numerous reasons why you should care about payment security. Probably the top reason is to preserve the integrity and viability of your business. A data breach has the potential to do costly or even irreparable harm to a small merchant.
Electronic payment systems can be complex but securing them doesn’t have to be. Today there are many resources and innovative solutions to help you bolster payment card security.
First Data partners with merchants of every size to mitigate possible cyber-attacks and secure consumers’ transactions from start to finish. First Data has the expertise and innovative solutions to keep your business protected and to ensure PCI compliance.