PCI (payment card industry) compliance may not be a term you hear frequently as a small business owner. However, it has a noteworthy impact on the level of risk your business assumes in payment processing if you accept credit cards and debit cards from customers as a form of payment.
Although media headlines tend to focus on large-scale data breaches that impact major retailers and government entities, and on the millions of customers whose data may be compromised when such a breach occurs, small businesses are particularly at risk for a payment security breach. In fact, experts estimate more than 60 percent of security breaches target small- to medium-sized businesses. Often, smaller businesses are targeted simply because they are perceived as “low-hanging fruit” by hackers who presume (often correctly) that a small operation won’t have appropriate security standards in place to make it difficult for thieves to access sensitive payment data that they can use to commit further fraud.
Though your business is not legally required to abide by the security standards that determine PCI compliance, the cost of not meeting them can be insuperable. If your business is a victim of a breach and the subsequent investigation determines your payment security and point-of-sale processes are not PCI compliant, you could face upward of thousands of dollars in costs associated with the aftermath of the breach, including responsibility for the re-issuance of customer payment cards, fines, fees and potential lawsuits.
In this presentation, we’ll take a closer look at how PCI compliance relates directly to your business, and provide some helpful parameters to help you identify which PCI-compliance standards your business should adhere to, based on the channels in which you sell and your annual debit and credit card transaction capacity.
We’ll explore why some security measures commonly presumed to ensure a safe transaction environment may not be adequate to prevent a payment security breach — and why relying on these tools isn’t synonymous with PCI compliance.
We’ll review why PCI-compliant security standards change frequently — and provide tips on how to conduct vulnerability scans within your business to ensure the highest level of security during transaction processing.
Finally, we’ll recommend best practices small business owners can leverage to reduce exposure to unnecessary security risks in point-of-sale procedures, along with the internal processes staff must follow to reduce the risk of a physical or cyber breach. We’ll also suggest some resources to help you identify qualified PCI-compliant partners that can help you conduct network security audits, and guide your business in performing comprehensive vulnerability scans to identify potential areas for improvement. These are based on the latest iteration of PCI-compliance standards set forth by the Payment Security Council.