If you’re in business today chances are very good that you accept credit cards. After all, who doesn’t? With the advances in technology, accepting payments is virtually limitless. Consumers expect to be able to pay with their plastic whenever they want. This presents a great opportunity – for the bad guys.
Data breaches seem to happen on a pretty regular basis here in the USA and around the world. Don’t think that small businesses are not vulnerable; they are. We just don’t hear about it as much when it happens. When Home Depot experienced a data breach in 2014 it was major news. But when a local business has a data breach you probably won’t hear about it, unless you’re local.
How Can You Protect Your Business?
There are a few simple steps you can take along with some more advanced procedures as well. Let’s start with the basics:
Only Use Updated Equipment
Remember back when the banks rolled out EMV credit cards with a chip for an added layer of security? There was a mad dash in the equipment industry to provide machines that would accommodate these chips. It took many years but now, for the most part, you won’t find a business that still swipes the old-fashioned way.
If your business does not have an EMV reader GET ONE! Older equipment (3-4 years old, in technology terms) often lacks support for proper encryption and updates. In the summer of 2019, Verifone VX520 machines simply stopped working for thousands of merchants, presenting a huge problem. If your equipment is not automatically updated you may have a problem down the line.
Do Not Store Cardholder Data
If you offer payment plans or recurring billing it can be convenient to keep a record of your customer’s card. It’s also an easy way for the wrong person to get their hands on it. If there is a burglary at your location the data is at risk.
A disgruntled employee could also cause a problem if they got their hands on it. If you are offering payment plans, I would recommend a virtual terminal that meets PCI compliance protocols. If there is a hard copy of cardholder data it should be shredded/incinerated by a professional company.
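Before you can say you don’t store cardholder data, you need a way to check what is actually sitting in your own files, exports and logs. The script below is an added example, not code from the original article or from any payment provider. It looks for numbers that have the shape of a card number (13 to 19 digits, optionally separated by spaces or dashes) and confirms them with the Luhn checksum that real card numbers satisfy, then masks them down to the last four digits. The sample records and the assumption that “looks like a card number” means a Luhn-valid 13–19 digit run are mine; the card numbers used are well-known public test numbers, not real accounts.

```python
"""Added example (not from the original article): audit text records for
stored card numbers (PANs) and mask anything found.

Assumptions made here, not stated by the article:
- a PAN candidate is 13-19 digits, optionally separated by single spaces
  or dashes, that passes the Luhn (mod 10) checksum;
- the sample records are constructed, using public test card numbers.
"""
from __future__ import annotations

import re

# 13-19 digits, allowing one space or dash between digits, not inside a
# longer digit run (so a 20-digit reference number is not split up).
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9          # same as summing the two digits of d
        total += d
    return total % 10 == 0


def _digits_only(match_text: str) -> str:
    return re.sub(r"[ -]", "", match_text)


def find_pans(text: str) -> list[str]:
    """Return the Luhn-valid PANs (digits only) found in one text record."""
    found = []
    for m in _CANDIDATE.finditer(text):
        digits = _digits_only(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def mask_pans(text: str) -> str:
    """Replace each Luhn-valid PAN in text with '*' plus its last 4 digits."""
    def _mask(m: re.Match) -> str:
        digits = _digits_only(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return m.group(0)       # not a card number: leave it untouched
    return _CANDIDATE.sub(_mask, text)


# Constructed sample records (public test numbers, not real cards).
SAMPLE_RECORDS = [
    "2019-07-02 plan#88 cust=Smith card=4111 1111 1111 1111 amt=45.00",
    "2019-07-02 plan#89 cust=Jones card=5500-0000-0000-0004 amt=45.00",
    "2019-07-03 invoice 1234567890123 paid by check",  # 13 digits, fails Luhn
    "2019-07-03 phone 555-0100 order 20190703",        # too short to be a PAN
]


def audit(records: list[str]) -> dict:
    """Count records holding a PAN and return masked copies of all records."""
    hits = 0
    masked = []
    for line in records:
        if find_pans(line):
            hits += 1
        masked.append(mask_pans(line))
    return {"records": len(records), "records_with_pan": hits, "masked": masked}


if __name__ == "__main__":
    result = audit(SAMPLE_RECORDS)
    print(f"{result['records_with_pan']} of {result['records']} records contain a card number")
    for line in result["masked"]:
        print(line)
```

Run it against an export of your billing spreadsheet or a day of terminal logs; any record it flags is cardholder data you are storing, whether you meant to or not. The Luhn check keeps invoice and phone numbers out of the results, but a true zero-storage setup is the goal, so treat every hit as something to move into your provider’s virtual terminal and delete locally.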
Complete Your Annual PCI Compliance Survey/Scan
PCI Compliance is an industry-wide measure to ensure that merchants are protecting cardholder data. Each year a merchant must fill out an online questionnaire regarding their procedures to accept payments. Unfortunately, it can be a sore subject for a small business owner. It’s time-consuming and the questions can be confusing. Most small business owners live in a busy world of organized chaos.
Sitting down at a computer to complete a very long questionnaire is on the low end of the priority scale. Often, there is no one at the local level to help them complete the questionnaire. In many cases, a remote scan of the business network and internet connection must also be completed.
The bottom line is that many business owners do not complete the annual PCI compliance requirements and end up paying a monthly non-compliance fee ranging from $19 – $125 per month!
PCI compliance protocols require you to be aware of common ways that criminals attempt to capture cardholder data. Your employees must also be trained. Your merchant service provider should be ready and willing to assist you and make sure that you are 100% compliant.
Hire a Security Expert
If your business is processing a large volume of credit card transactions you may want to consider hiring an outside IT company to manage your network. This is especially true if you are accepting online payments or using a virtual terminal.
The Bottom Line
Running a business comes with many challenges; the last thing you want is a PR nightmare over a data breach. Taking the time to establish and maintain procedures to protect cardholder data will certainly benefit you and your clients. If you need help with your PCI compliance please contact us for a complimentary security analysis.