Even though by now any merchant storing or processing cardholder data should have at least heard of the PCI DSS and the requirements for PCI compliance, not everyone seems to be able to visualize the impact of a data breach or accept the reality that they are at risk. The PCI DSS goals and strategies for protecting cardholder data have been in effect for all merchants and processors since 2009. It still seems, however, that the general timbre of the industry, especially among small businesses, is that PCI compliance isn’t that serious or only applies to large businesses with thousands of customers. One industry expert who specializes in data protection strategies suggests that instead of asking yourself what your response plan is if you experience a data breach, you should assume it will happen and ask yourself what your response plan is when you experience a data breach. Now is the time to start treating a data breach as a continuous and constantly evolving threat to the safety of your business and your customers’ data. Adhering to the PCI DSS requirements and maintaining your PCI compliance is your best defense against computer crime.
The largest single data compromise occurred on February 20th 2009 at one of the largest payment card processors in the country, affecting over 100,000 merchants and over 100,000,000 payment card accounts. The company’s publicly traded stock value plummeted by 75% in less than two months. A Ponemon Institute survey found that most organizations spend over $200 per compromised bank card account. By that reasoning the cost of the aforementioned breach would exceed twenty billion dollars in expenses alone. That’s before considering the loss of reputation, stock value, and basic consumer trust.
Okay, you’re saying, but I’m a small business; what do some giant corporation’s problems have to do with me (assuming you weren’t one of the one hundred million cardholders affected)? No doubt a breach of the size described is a major coup from the standpoint of the criminal individual or group that perpetrated it. But attacking a company that size takes months to plan and implement, cooperation and timing to make it work, and the highest level of computer skills and equipment. Since this huge data compromise, the company that was attacked, along with all large merchant service providers, has caught up with the latest protections and security measures outlined in the PCI DSS, and has plugged the holes that made it vulnerable by becoming PCI compliant.
Small businesses, however, with the pervading trend of indifference to or dismissal of PCI compliance, are becoming the preferred target of hackers and computer criminals because they are so ripe for the plucking. They are not as big a score as some huge international financial services company, but without the protection of proper PCI compliance your business’s and your customers’ private information is exposed and easy to access by even a moderately skilled hacker. Think how many credit cards you processed in the last six months. Now multiply that number by $200. If you can’t afford the answer, then you can’t afford not to be PCI compliant. Go to our PCI Free homepage for everything you need to know about the PCI DSS and how it will protect your business.