$5,000 Per Card Breached: Data Security is Every Merchant's Responsibility


There are threats every day

Equifax. Target. These companies have become shorthand for data breaches. If you or anyone you know has been hacked or simply had their credit card stolen, you know what a pain it can be. Unfortunately for merchants, the pain and the penalty are much worse. Every day there are threats from hackers, criminals and nation-states attempting to figure out a way to steal customer payment data. The challenge for merchants is to stay one step ahead.

Many merchants are PCI non-compliant (even if they think they are)

PCI compliance is all too often an afterthought for businesses accepting credit card payments. Every business with a merchant account must both attest to and comply with Payment Card Industry (PCI) standards. Unfortunately, too many processors see PCI compliance as another way to charge an extra fee, and the result is that merchants aren’t educated about PCI compliance or taking it seriously. This can have major consequences like...

Fines are no joke

The last thing any business wants is to have its name in the headlines with the word “breach”. The PR hit alone can be insurmountable. On top of that, fines for violating PCI compliance start at $5,000 per record breached. That means if you have a single card stolen, and it is used for 5 fraudulent transactions, you could be facing $25,000 in fines (5 × $5,000 per record breached)! Most breaches involve hundreds, if not thousands, of cards, and the fines can be astronomical.

EMV is not the gold standard, P2PE is

Chip cards have been around for years in Europe and the rest of the world, but do they make you any safer? The truth is, they are an upgrade from the old swipe technology (which is the same tech as cassette tapes and 8-tracks). Ultimately, the only way to really protect sensitive payment data for in-person and over-the-phone/mail-order transactions is with Point-to-Point Encryption (P2PE). Point-to-Point Encryption means that sensitive data is secured from the second it is dipped, swiped or keyed, using encrypted hardware and software.

Follow the golden rule

You wouldn’t want your own credit card information written down and stored, or saved on someone’s computer, would you? Then you shouldn’t do that with your customers’ information either! Treat your customers’ payment card data the way you would want your own data treated. There are several cost-effective solutions that can provide the peace of mind of knowing that you are not just PCI compliant, but as secure as possible with your customers’ sensitive data. Running a business is enough stress; the last thing anybody needs is a breach.


Top 5 things businesses should know about credit card processing



5. All Payment Processors have the same fixed cost

There are hundreds of processors, independent sales offices and sales agents. It’s a little-known fact that all of us have the same fixed cost for accepting Visa/MC/AMEX, etc. This cost is called “Interchange”. The rates are established and regulated by the Federal Reserve of the United States. They are updated and posted on the individual credit card companies’ websites each April and October. The most important thing for the merchant to understand is what you are paying on top of that cost, and what you are getting in return.

4. Find the right fit

The best advice is to pick a payment solution that is right for you. If you are a small volume merchant processing less than $2-3,000 a month on credit cards, your best option is usually a basic, “flat rate” provider. Stripe, Square and PayPal are good solutions for these merchants because they are easy to set up and have no monthly, PCI or hidden fees. On the other hand, if you are doing a higher volume, or a large number of transactions each month, those “flat rate” providers could end up costing you significantly more! Educating yourself on Interchange and industry pricing trends will help you find the best fit for your business.

3. Get the right #paymentstacks

Businesses accept payments in a variety of ways: in person, on the go, over the phone, through a website, custom software, or with a mobile device. The possibilities are endless! Start by mapping out the ideal solution for you and your customers. Next, do your research to find the best tools to help you achieve that goal. While saving money is important, it’s not worth frustrating your customers or creating more headaches for yourself!

2. Understand PCI compliance and security

Payment data security is paramount for any business. If you or anyone you know has had their card stolen, you understand how painful that process can be. For merchants, it is much worse! Not only can it irreparably damage your reputation, but there are also a number of fines and other penalties you may be responsible for. Merchants are often on the hook for the lost products or services from fraud as well. There is also the possibility of PCI violation fines that can start at $5,000 per record breached! It’s essential that businesses get serious about PCI compliance!

1. Do your research

Finding the right payment processor takes time and research, but it is well worth the effort! For example, an eCommerce company that chooses a partner without data portability (the ability to move saved customer cards) could end up having to lose the data, or pay thousands of dollars more to make the switch. Merchants need to be sure they have thoroughly researched and understood the fees, technology, security and service before they decide to use a credit card processor.
