$5,000 Per Card Breached: Data Security is Every Merchant's Responsibility


There are threats every day

Equifax. Target. These companies have become shorthand for data breaches. If you or anyone you know has been hacked or simply had their credit card stolen, you know what a pain it can be. Unfortunately for merchants, the pain and the penalty are much worse. Every day there are threats from hackers, criminals and nation-states attempting to figure out a way to steal customer payment data. The challenge for merchants is to stay one step ahead.

Many merchants are PCI non-compliant (even if they think they are)

PCI compliance is all too often an afterthought for businesses accepting credit card payments. Every business with a merchant account must both attest to and comply with Payment Card Industry (PCI) standards. Unfortunately, too many processors see PCI compliance as another way to charge an extra fee, and the result is that merchants aren’t educated about PCI compliance or taking it seriously. This can have major consequences, like...

Fines are no joke

The last thing any business wants is to have its name in the headlines with the word “breach”. The PR hit alone can be insurmountable. On top of that, fines for violating PCI compliance start at $5,000 per record breached. That means if you have a single card stolen, and it is used for 5 fraudulent transactions, you could be facing $25,000 in fines (5 x $5,000 per record breached)! Most breaches involve hundreds, if not thousands, of cards, and the fines can be astronomical.

EMV is not the gold standard, P2PE is

Chip cards have been around for years in Europe and the rest of the world, but do they make you any safer? The truth is, they are an upgrade from the old swipe technology (which is the same tech as cassette tapes and 8-tracks). Ultimately, the only way to really protect sensitive payment data for in-person and phone/mail-order transactions is with Point-to-Point Encryption (P2PE). Point-to-Point Encryption means that sensitive data is secured from the second it is dipped, swiped or keyed, using encrypted hardware and software.

Follow the golden rule

You wouldn’t want your own credit card information written down and stored, or saved on someone’s computer, would you? Then you shouldn’t do that with your customers’ information either! Treat your customers’ payment card data the way you would want your own data treated. There are several cost-effective solutions that can provide the peace of mind of knowing that you are not just PCI compliant, but as secure as possible with your customers’ sensitive data. Running a business is enough stress; the last thing anybody needs is a breach.