If you read this PCI Compliance advocacy blog regularly you may notice that it tends to focus mainly on the typical small business. The PCI DSS (payment card industry data security standard) was created along with the PCI SSC (payment card industry security standards council) to improve the integrity of the electronic payments system as a whole. This can only be effectively accomplished if literally every merchant processing electronic payments proactively strives to be PCI compliant. By this I mean to approach PCI compliance in the spirit of the initiative, not just the letter of the requirement.
Small business owners, known in industry jargon as “level 4” merchants, continue to be the weak link in the in the chain of sensitive authentication data security. Incredibly, recent studies are continuing to find that level 4 merchants are still largely unaware of their own vulnerability to cyber attacks. Those who are aware of their vulnerability still exhibit inordinately low concern about this known vulnerability. Hopefully you non-PCI compliant merchants out there know that a data breach doesn’t just mean your customers whose information was stolen have to be alert now that their card numbers or other sensitive authentication data is out there. There are fees-per-account that has been compromised. There will be multiple investigations that you pay out of pocket when a breach occurs and the merchant isn’t PCI compliant. And don’t forget all of the lawyers that will inevitably be involved in matters of this nature. Who do you think pays for their time? The card associations don’t pay a dime, nor do the banks whose customers’ cards were stolen, you pay. You pay and pay and pay, and if you aren’t drained into bankruptcy by that, you very well may have lost a sizeable portion of your customer base. And even then, the damage to your company’s brand image and reputation will surely deter many future customers for a long time to come.
It’s time to stop pretending that it’s not going to happen to you. It happens to someone, many people in fact, on a daily basis. So if your business is not PCI compliant yet, and I think I’ve said this before, you are fooling yourself. It’s not whether or not a perusing hacker will check you out and rob you at some point, but when will they. If you want the peace of mind that comes with being PCI compliant, check out our home page where you can obtain PCI compliance for your business. Best of all it is absolutely free.