Top Ten Myths of PCI Compliance

Posted on: September 27th, 2017 by jiml

Hackers WANT your credit card data. They WANT your customers’ credit card data. They will try hard to get it. They will NOT stop. These are unfortunate truths.

In 2006, MasterCard, Visa, JCB, American Express, and Discover established the PCI Security Standards Council, a third-party entity, to manage the Payment Card Industry security standards and to promote the standard’s implementation by all companies (i.e., merchants) that accept credit/debit cards, including all:
Retail merchants: Any business that operates in a storefront location, where the customers’ debit and credit cards are physically swiped through the payment terminal.
Internet merchants: Any business run online that collects and processes credit and debit card information through its e-commerce website.
MOTO (mail or telephone order) merchants: Any business that operates by taking payments via the telephone and/or direct mail.

Even if you process one credit card per year, your business must be PCI compliant. If you process through a third party, that does not absolve your business from PCI compliance. Many businesses do not take this seriously until a breach occurs. As many of you know already, the credit card companies and banks have made a concerted effort to shift liability for the massive amount of credit card fraud taking place from their business to yours. If your business is not using chip readers, you are at risk. If your business is not PCI compliant, you are at risk.

PCI compliance is not solved through a single vendor or product. There are many requirements; some of them are business-process related and some are technology related. Below is the PCI Security Standards Council’s list of the top ten myths surrounding PCI requirements.

Top Ten Myths of PCI Compliance

1. One product will make us compliant.
2. Outsourcing card processing makes us compliant.
3. PCI DSS compliance is an IT project.
4. PCI DSS will make us secure.
5. PCI DSS is unreasonable, requiring too much effort and expense.
6. PCI DSS requires us to hire a Qualified Security Assessor.
7. We don’t take enough credit cards to necessitate compliance.
8. We completed a SAQ, so we’re compliant.
9. PCI DSS makes us store cardholder data.
10. PCI DSS is too hard.
Source: www.pcisecuritystandards.org

Is your business PCI compliant? Are you aware of the penalties for being out of compliance? Given the current data security climate, have you given this enough attention? If you answered “no” to any of the above questions, give Colden Company a call at (888) 600-4560 or email us, or visit us on Facebook or Twitter.
