January 10th, 2011
What is the number one question asked of customer service regarding the need for PCI compliance? “Why do I have to do this?” The simple answer is “for the protection of your business and the customers you serve,” but words are just words. The reality is that police reports about the incidence of fraud, both small and large scale, are increasing exponentially in frequency as cyber-crooks develop newer and more ingenious ways to abuse credit cards. The PCI DSS requirements for becoming PCI compliant may seem inconvenient, even cumbersome, but the rewards are real. A recent report describing how the U.S. Secret Service detected and foiled a large-scale fraud ring involving a handful of high-volume restaurants spread across the country from Washington, D.C. to Seattle, WA exemplifies the very real need for PCI compliance to be practiced by everyone in the payment card industry, for the integrity of the industry as a whole.
The Seattle Secret Service’s Electronic Crimes Task Force traced the origin of a series of fraudulent charges to a Capitol Hill restaurant. In the course of their investigation they found that the D.C.-based restaurant was not using the latest available PCI DSS-approved version of processing software from the manufacturer and had therefore compromised the security of its processing system. The restaurant was lucky in that it was able to remain open and the thieves were foiled before too much damage was done, but things could have gone very differently, since it had not been PCI compliant at the time. No system can ever be completely invulnerable to resourceful hackers, but had the restaurant in Capitol Hill been using PCI compliant software, it might not have been embroiled in a federal investigation in the first place.
Following the procedures and security measures outlined in the PCI compliance guidelines will both protect the safety of your computer network and spare you certain liabilities in the event of a data breach. Everyone running a business already employs many of the security measures described in the PCI compliance guidelines, because a lot of it is just common sense. Of course you safeguard sensitive customer information in a secure area; you don’t just leave credit card information lying around where anyone can steal it. Of course you limit access to computers and equipment containing cardholder data to only those who need access to perform their jobs; you don’t let just anyone who happens to be in the office use computers containing cardholder data. But not everything about PCI compliance is so obvious, such as the question of whether or not your processing equipment has the latest PCI compliant software version. Now you do not have to wonder, because all of that information can be found here on our website, PCIfree.com.
A small business can expect even a small-scale data breach to cost $25,000 to $50,000 in fines and legal fees. Those numbers should get your attention if you are a business owner who is not currently PCI compliant. PCI compliance is required. PCI compliance protects your business in areas where you didn’t know you were vulnerable. Don’t wait: find out if you are PCI compliant today, and if you are not, becoming compliant is easy and free with us.