If you read our blog regularly, you know that for the past few weeks we’ve been going over in detail the procedures a merchant must follow if a breach occurs and whom to contact. Though there will be a few more installments before the series is complete, I feel it’s necessary to digress to bring up a disturbing problem that seems to be continually on the rise: the practice of mixing true information with outright false information in order to scare business owners into thinking that they are at risk of being penalized for violating industry regulations. Then, using the tactics of a confidence man, the scammer slowly dupes the business owner into (often unwittingly) signing up for a new service with questionable ethics and undisclosed fees.
It’s been said that a little bit of knowledge can be dangerous, and here is an example of when this is true. The companies behind this scam are sometimes referred to as “cuckoo” companies, and their mode of operation is basically the same. Your front desk employee gets a phone call from a friendly rep from “merchant services” who informs the business that its current credit card machine is not “PCI PED” compliant and must be upgraded to avoid industry fines and penalties. The cuckoo rep then says that, luckily, based on the merchant’s excellent standing and service history, the business is eligible for a free upgrade to a compliant machine that only requires a few forms to be signed. A rep will then either come by to install the equipment or ship it to the business and walk the staff through installation over the phone. The receptionist has heard of this PCI thing and is pretty sure the name of their service is Merchant Services or something very close, and so starts answering questions and unknowingly providing sensitive information to an impostor. By the time the merchant realizes they’re being scammed, it’s frequently already too late. They’ve inadvertently signed with an unknown and unethical service provider with higher rates and fees for no reason.
This is why one’s understanding of the PCI DSS and PCI compliance is vital. One needs to know that PCI PED stands for Payment Card Industry PIN (Personal Identification Number) Entry Device. A PIN entry device is often a peripheral piece of equipment called a PIN pad that is handed to customers so they can enter their four-digit PIN code on debit card purchases. The majority of small businesses don’t even process PIN debit, since they can still accept the same card as a credit transaction and not have to invest in more expensive equipment. Had a savvy receptionist or business owner known this, the scam would have perished in its infancy.
The answers to all of your questions about becoming PCI compliant can be found on this website. Visit our homepage to learn how you can achieve PCI compliance today for free.