In 2006, the major credit card companies (Visa, MasterCard and Discover) banded together to create Payment Card Industry Data Security Standards (PCI DSS) for all merchants or organizations that accept, transmit or store cardholder data.
PCI DSS were ultimately created to protect personal data and credit card numbers against potential security breaches. Oftentimes, businesses think PCI DSS is primarily intended for the big-box merchants, many of which have been affected by major breaches where millions of consumers were impacted. So whose radar could small businesses possibly be on?
You would be surprised. Computer hackers continually troll the Internet looking for small to mid-sized businesses that might be lax in their security. Unlike the larger businesses and retailers, smaller businesses may find themselves behind in updating their software or not have the right vendor working on protecting this valuable commodity. Even those who process with a dial-up credit card terminal not tied to software need to follow PCI DSS common-sense steps for best security practices.
So what should you be doing now?
Be current. Make sure personal information is stored in a safe place and that payment processing and office management software is up to date. Many breaches have occurred because a patch to fix a known security vulnerability was not installed.
Be compliant and secure. Just because you are deemed compliant doesn’t mean you are necessarily secure. When was the last time you looked at your security measures? Is everything set to the default settings? Should they be? Not understanding the security needed to adequately protect your customers' data will increase your chances of a breach.
Work with the right vendors. There are vendors available to help you with security and maintaining your PCI-compliant status. If you process credit cards through Professional Solutions Financial Services, you already have access to the PCI Assurance Program, offered by SecurityMetrics, our third-party PCI Compliance Administrator. SecurityMetrics is recognized as a global leader in helping businesses safeguard their data and reach PCI-compliant status.
Personal data and credit card numbers are a hot commodity. Thieves pay a lot of money for this information, which will be used to commit fraud that may damage an innocent person’s or business’s credit and financial standing. As merchants, we need to ensure we are doing our best to protect that data. Understanding PCI compliance will go a long way to ensure you are doing just that.