PCI (Payment Card Industry) compliance: have you heard about it? Apparently it is a big deal these days.
Despite the flippant nature of the intro, no matter your business, you need to be cognizant of PCI standards, as failing to meet them can have tremendous repercussions for your business.
I had the privilege of watching a short video today on this very issue. I felt the issues discussed were extremely important, and as a result, I endeavored to write a quick blog post on the subject so anyone who is dismissing PCI as a fad or the flavor of the week will reconsider. PCI is here to stay and you need to adapt.
The short video – link provided at the conclusion of this entry – profiled Carla, a business owner. Her POS system was breached, and the breach went unnoticed for 7 months. During this time the hackers stole her customers’ credit card information, encoded it onto the mag stripes of fake credit cards and subsequently sold these cards for use.
Needless to say this has been a headache for many reasons including:
- Carla was fined by her merchant bank – when a breach happens, the credit card company fines the merchant bank, which then passes these fines on to the retailer.
- The merchant bank now holds back an unspecified percentage of Carla’s transactions “in case” a subsequent breach occurs and Carla is fined again.
- Carla has spent about $110,000 USD trying to sort out this issue.
- Carla’s business has faced a drop in repeat business.
It is interesting to note that when a business is compromised, as many as 60% of its customers will never frequent that establishment again. This is a jarring number. We all heard of the TJ Maxx incident, but what we never hear about are the small businesses, like yours, where fraud happens every day. I hope that by writing this blog I will get you to think about this issue and take the appropriate precautions. The following is a short list of places to start, but it is by no means exhaustive of all the precautions you should be taking within your business:
- Use a firewall and anti-virus software, and ensure your software is kept up to date.
- Change your passwords frequently.
- Turn off remote access to your system when it is not in use or needed.
- Contact your PMS/POS provider to ensure they are PCI compliant and that they do not store ANY information you do not require.
- Finally, stay educated; this is paramount to ensuring you are aware of the latest news and developments regarding the security of your transaction-related data.