PCI Free Blog

PCI Compliance Weak Link is Level 4 Merchants

PCI compliance isn’t a joke, people. It isn’t a new “tax” perpetrated by the payment card industry. The PCI DSS (Payment Card Industry Data Security Standard) is an industry movement towards tighter network security. Becoming PCI compliant not only helps protect your customers but also helps protect the integrity of the electronic payments industry as a whole. And, no less importantly, making yourself PCI compliant helps protect your business. This often includes data breach coverage insurance that will offset your expenses if you do become the victim of a data breach. If you aren’t PCI compliant and a breach occurs in which customers’ sensitive authentication or personal data is compromised, you will find yourself in an extremely delicate and costly situation.
Industry researchers, along with computer network security companies and security software developers, continue to find that level 4 merchants, or what you think of as a small business (level 4 merchants process fewer than 20,000 transactions per year), are by far the weakest link in the chain of network data security. A breach, no matter how small, can result in the death of your business due to the aforementioned costly fines. There is also the expense of multiple required investigations performed by card association representatives as well as outside investigators. Less salient than the high cost in the aftermath of a data breach is the severe brand and reputation damage. Even if you can afford the fines and fees, the loss of customer traffic due to loss of trust can be the final nail in your coffin.
Verizon published its Data Breach Investigations Report in 2012, in which it examined 855 individual breach incidents that collectively compromised on the order of 174 million records. This next statistic is just depressing. Verizon found that “96% of the attacks were not highly difficult,” and, worse yet, “97% of breaches were avoidable through simple or intermediate controls.” Small businesses are actually a far more common quarry since, as Verizon says, “target selection is based more on opportunity than on choice.” What this is saying, in so many words, is that it is highly likely that if the victims in these situations had just followed the basic PCI DSS protocols, they wouldn’t have been attacked at all. The opportunistic small-time hacker would have just moved on to the next complacent, unprotected merchant.
Stop putting it off! PCI compliance is real, real important, and here to stay. See our home page to find out how you can complete this mandatory requirement at absolutely no cost. Become PCI compliant today, for free!
