Whether you’re running a global corporation or a small Internet store, compliance with the PCI Data Security Standard (PCI DSS) helps keep your customers’ credit and debit card information secure. The requirements themselves apply to every business that handles card data, but how you validate compliance depends on the size of your business and your transaction volume, so small business owners follow different validation procedures than large corporations.
It’s important to remember that data thieves recognize that small businesses are often easier targets. While large corporations can afford to fund entire security and compliance departments, small businesses operate on limited budgets and often lack the security controls common to large corporations, so thieves increasingly target the point-of-sale and payment storage systems of small businesses. If your business is found responsible for a breach of customer payment data, the fallout could include:
- Fines and penalties
- Loss of sales and customer confidence
- Termination of ability to accept credit/debit cards
- Legal costs, judgments, or settlements
- Higher costs of compliance in the future
- Even going out of business
As a small business, you are responsible for protecting cardholder data at the point of sale, so that information such as card numbers and expiration dates is not compromised as it enters the payment system. To comply with PCI DSS, the first step is to have a properly configured firewall in place between your payment systems and untrusted networks. You will need to protect equipment and processes such as:
- Card readers
- Point of Sale Systems
- Your store network and/or wireless router
- Card data storage and transmission
- Any card data that might be stored in paper records
It’s important to note that storing customer payment card data is the riskiest activity with regard to data theft: data you do not store cannot be stolen from you. Avoid storing card data if at all possible, and never retain sensitive authentication data (full magnetic-stripe or chip contents, card verification codes, or PINs) after a transaction has been authorized.
Conducting e-commerce is becoming increasingly popular for small businesses, but this almost always means your customers are paying by debit or credit card online. It’s important to check the security of your payment applications and systems in order to protect your customers. In some cases, you may choose to outsource payment processing to a third-party service provider; if so, ask for annual verification of their compliance with PCI DSS, such as a current Attestation of Compliance, and remember that outsourcing reduces but does not eliminate your own responsibility for the parts of the payment process you still control, such as the web pages and devices that collect card data.
While the PCI Security Standards Council is responsible for setting the standard, enforcement of its requirements, including penalties for non-compliance, is handled by the individual payment brands and the acquiring banks that process your transactions.