Beginners’ Guide to Building a PCI Compliant Business

Did you know that there is a hacker attack every 39 seconds, and 3,809,448 records are stolen from breaches every day?

According to research published on the Heimdal Security blog (https://heimdalsecurity.com/blog/10-surprising-cyber-security-facts-that-may-affect-your-online-safety/), approximately 230,000 new malware samples are released every day.

A more surprising fact is that 95% of cyber security breaches occur in just three industries: government, retail, and technology. Moreover, 43% of all cyber attacks specifically target small businesses, and according to surveys and reports only 38% of global organizations believe they are ready to handle a complex cyber attack.

Technological advances have made it possible for consumers to shop online or offline with maximum convenience: tableside payment kiosks in busy restaurants, in-store sales staff equipped with Point-of-Sale (POS) devices, online payments and so on. The same technologies that improve the customer experience also expose customers to serious security risks, because every one of them handles payment card data and other highly sensitive information.

So, if you are a small business operating in the retail or technology sector, you are more likely to be on cyber criminals’ hit list. In fact, attacks on retailers make the most sense to attackers, because a retail business holds exactly what they want: customer information, including payment card data. And, as a responsible business, it is your primary responsibility to protect your customers’ data.

Assuming you already have a merchant account to start accepting credit card payments (online or in-store), all you need to do is set up the device, app or plugin that accepts credit card payments, and the money starts flowing in! Well, it’s not that simple.

Check the terms of service of your merchant account agreement: it states that you must comply with all applicable rules and regulations, that non-compliance can result in fines, and that repeated non-compliance may result in suspension of your account.

You may not have read the fine print when signing up for the merchant account, so here is a quick overview of PCI compliance for businesses.

An Introduction to PCI Security Standards:

The PCI Security Standards Council is a global forum responsible for the ongoing development, enhancement, and implementation of security standards for account data protection. Under the card brands’ rules, every organization that accepts credit cards online or offline, from the smallest business to the largest corporation, must comply with the PCI Data Security Standard (PCI DSS). The ultimate goal of the standard is to protect cardholder data wherever it is stored, processed or transmitted; building and maintaining a secure network is the first of its control objectives, not the only one.

What does this mean to me as a business owner and what should I do?

As a small business, you are required to comply with the Payment Card Industry Data Security Standard (PCI DSS). Comprehensive compliance requirements can be found at https://www.authorize.net/resources/pcicompliance/; the authoritative text of the standard is published by the PCI Security Standards Council itself.

My company uses a third-party credit card processor. Do I still need to be PCI compliant?

Even if you use a third-party credit card processor that is itself PCI DSS compliant, that does not make your business compliant. Outsourcing card handling to a validated provider can substantially reduce the scope of what you must assess, but you remain responsible for the systems you control (your website, POS devices, and staff) and for confirming that the provider is in fact compliant. Besides updating your technology, you must get your team trained to protect customer information. Here you can find more info on PCI compliance training.

My company doesn’t store credit card data, so PCI compliance doesn’t apply, right?

If your business accepts credit or debit cards as a form of payment in any way, PCI compliance applies to you. The standard covers card data that is stored, processed or transmitted, so a business that never stores card data still has transmitting and processing in scope. That said, if you do not store card data, compliance is considerably easier, because far fewer requirements apply.

Is my business PCI compliant if I have an SSL certificate?

Remember that an SSL/TLS certificate only encrypts data in transit between the customer’s browser and your server; it does not secure the web server itself against attacks or intrusions. Encrypting card data in transit is one PCI DSS requirement among many, so additional steps must be taken to achieve compliance. Note also that PCI DSS no longer permits SSL or early TLS versions for protecting cardholder data, so the server must be configured for TLS 1.2 or later; holding a certificate says nothing about which protocol versions the server accepts.


The Bottom Line:

Given the pace at which cyber attacks are happening, it is very unlikely that attackers will reduce their efforts to steal payment card data. So it is your duty as a responsible business to take the necessary steps, become a PCI compliant business, and contribute to a more secure business world.
