I know this blog might seem repetitive from time to time as I endlessly natter on about the importance of PCI compliance for everyone. I try to impress upon the reader the reality that, while you only hear about the really gigantic data breaches involving large financial services or retail companies, that doesn’t mean thousands of small merchants aren’t targeted and victimized every year as well. If you’ve ever heard the term “level 4 merchant” and you’re a small business, they’re talking about you. A level 4 merchant is a business that processes fewer than twenty thousand ecommerce transactions, or one million or fewer credit card transactions (of any type), in one year. A series of studies has shown that level 4 merchants are largely unaware of the measures required to protect sensitive authentication data. The studies also show that, in addition to not knowing the correct security measures, small business owners appear to be very unrealistic about the impact a data breach could have on their business. Taking the time to become PCI compliant and implementing a plan to maintain PCI compliance will protect not only your customers’ information but, by extension, your business’s ability to thrive.
A merchant whose stored sensitive authentication data is compromised can expect to pay multiple expensive fines and other penalties, along with a large legal bill and the added costs of recovering stolen information and replacing cards. And perhaps least considered, amid all the worry about lost revenue, is the irreparable damage to the company’s brand and reputation. Once those intangibles are broken, the resulting loss of customers quite literally puts you out of business.
Verizon published its 2012 Data Breach Investigations Report, in which it claims that of the 855 breach incidents worldwide, ninety-six percent of attacks were not highly sophisticated. Even more telling is the fact that ninety-seven percent of the breaches could have been prevented using low to moderate security controls. You can take this to mean that following just the most basic goals set forth in the PCI DSS (Payment Card Industry Data Security Standard) and keeping up periodically with your PCI compliance is enough to stop your everyday, run-of-the-mill hacker and convince them to look for someone who still isn’t PCI compliant. If your business isn’t PCI compliant yet, see our home page for information on how you can become PCI compliant for free.