We are proud to announce an education plan to advise business owners on the potential risks facing any organization that accepts, stores and utilizes customer credit cards. The Payment Card Industry Data Security Standard (PCI DSS) applies to any organization, regardless of size, and it imposes rules on business owners who work with customer credit cards. The intention behind the regulations is to keep customer data secure from breaches; however, businesses that are not in compliance could face up to tens of thousands of dollars in penalties and fines. There are very simple ways to mitigate these risks, and as fellow business owners, our leadership is sharing these risks and their solutions with the business community to keep companies protected from obscene fines.
When accepting sensitive credit card information, businesses need to assess several risks. The first major risk is a disgruntled employee stealing a customer’s credit card information and using it for personal purchases. These types of infractions are usually caught quickly, especially with the proper monitoring technology in place, and customers can be reimbursed for fraudulent purchases. Unfortunately, the damage done to customer trust is often irreparable. Customers who experience a data breach with a merchant are extremely likely to avoid using that merchant ever again. In other words, lackluster security measures here could cost a company dearly, not only because of the up-front fines but also because of the negative word-of-mouth that usually follows an incident like this. To solve this issue, businesses can follow the comprehensive list of steps laid out in the PCI DSS, which explains the measures a business can take to protect itself from this liability, including actions such as encryption and limited levels of access.
“Every single customer we work with is already doing their best to protect customer data; however, they are usually missing key elements that could get them in big trouble,” stated Iain Beveridge, President of All Phase Communications. “Oftentimes we see businesses take customer credit card information over the phone and then write it down so that it can be added into the computer system later. However, one big mistake we’ve been noticing is that businesses are storing customer credit card information for longer than 5 days, which is strictly prohibited by these regulations. This is a perfect example of how business owners with positive intentions end up paying big fines for being undereducated on these matters,” concluded Beveridge.
The greatest risk facing business owners and credit card security is hackers. Because their methods are constantly evolving and hackers are always finding new ways to attack businesses, the standards for PCI compliance are always changing as well. “Businesses can go to the PCI Security Standards Council’s website to view a comprehensive list of best practices or, if they don’t want to have to comb through all the details, they can call a managed technology services provider, like All Phase Communications for example, and they should be able to conduct a PCI network analysis and advise them on a few key areas to pay special attention to,” added Beveridge. “If your managed services provider is unaware of PCI compliance, you may want to consider reevaluating your relationship with that provider.”