You hear about them all the time — credit card data security breaches in Yahoo, Target, LinkedIn, and other large, established companies that serve millions of people. Surely with so many users, one can assume that they have the biggest targets on their backs when it comes to hackers.
In reality, it’s the opposite.
Myth: Big businesses are more likely to get hacked.
Reality: Small businesses are more vulnerable than big businesses, making them the perfect victims of hackers.
Oftentimes, a hacker’s goal is to steal credit card info not to commit fraud themselves, but to sell it to distributors that produce fake credit cards with those numbers. Some hackers may challenge big businesses, but the everyday hacker knows that small businesses are the easier targets, as they don’t always have the knowledge needed to properly secure their information. Sometimes, these businesses don’t even know they’ve been hacked, and the attack is left unreported.
Understandably, choosing the right security solutions can be complicated. That is why the Payment Card Industry Security Standards Council was formed — to guide and educate businesses so they can better protect themselves from security threats. So, if you run a small or medium-sized business, it’s imperative that your security is PCI compliant.
WHAT IS PCI COMPLIANCE?
PCI Compliance refers to upholding the standards set forth by the Payment Card Industry Security Standards Council. This includes properly guarding stored credit card data with encryption, which converts the information into a form that an intruder cannot read without the key.
Though there is no official “badge” indicating PCI compliance, as more security breaches happen every year, credit card companies may be obliged to issue mandates for them. Getting your business PCI compliant will get you ahead of the game, and encourages confidence and trust in customers who become wary after just one violation of privacy.
If your business accepts credit cards, you’re obligated to be PCI compliant regardless. Otherwise, you may be fined $5,000 to $500,000, depending on the offense, and as a small or medium-sized business, you’ve got more to lose. With just one fine, you could be blacklisted on Visa or MasterCard sites, never able to accept credit cards again, or put entirely out of business.
WHAT IS NOT PCI COMPLIANCE?
Businesses forgoing PCI compliance often do so because they feel their method of storing sensitive information like credit card numbers is “secure” enough with a password. With personal computers and online accounts all following more or less the same login process (a password of some sort, sometimes coupled with an authentication question), it’s not a surprising sentiment. But even if you enable the password protection feature in QuickBooks, passwords alone are not PCI compliant. With just a password, there is only one thin wall of protection to bypass before reaching your customers’ private credit card numbers. Not only hackers but disloyal employees are perfectly capable of breaking down this wall. More needs to be done.
Luckily, businesses can readily become PCI compliant by using tokenization, encryption, and PCI compliant payment modules that are more than just an implied seal of approval.
HOW TO BECOME PCI COMPLIANT
Point-to-Point encryption, or P2PE, is a payment security solution that encrypts credit and debit card numbers, protecting against hacking and fraud and allowing payments to process faster. It is a standard set for PCI Compliance, unlike End-to-End encryption, or E2EE. When a card is used, the card number is encrypted instantly into a form that is unreadable to everyone, then sent to a secure online vault. If there is ever a need to go back to a previous transaction, you can use a token, a string of characters generated to label the transaction while keeping the customer’s card information unseen. Furthermore, you will not be held responsible for security breaches or resulting fines — it’s the P2PE provider’s duty to keep you safe.
Payment modules are online card payment methods. While convenience is one factor in implementing payment modules, they also protect against potential security threats from both outside and inside the company. If for whatever reason an employee goes rogue, they will not have access to any sensitive credit card information, because everything is encrypted and stored in an online vault, not on a local computer or server.
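To make the vault-and-token arrangement from the two paragraphs above concrete, here is an added example, written for this article rather than taken from any P2PE provider or payment module. It assumes a made-up `Vault` type standing in for the provider's side: the vault holds the AES key and the encrypted card numbers, issues a random token for each transaction, and is the only place the card number can be recovered. The merchant's own record keeps just the token and the last four digits, so a stolen merchant database, or a disgruntled employee with access to it, yields nothing a card cloner can use. The sample card number is the well-known `4111 1111 1111 1111` test value, and the key is a constructed all-zero key for the demo only.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"regexp"
)

// Vault models the provider-side vault: it holds the key and the encrypted
// card numbers. The merchant never has either, only tokens. (Illustrative
// type for this article, not any vendor's API.)
type Vault struct {
	aead    cipher.AEAD
	records map[string][]byte // token -> nonce || AES-GCM ciphertext
}

// NewVault takes a 16, 24 or 32 byte AES key. In practice the key lives in
// the provider's HSM or KMS, never in merchant software.
func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead, records: make(map[string][]byte)}, nil
}

// panPattern is a deliberately simple format check for a primary account
// number (PAN): 13 to 19 digits. Real systems also apply a Luhn check.
var panPattern = regexp.MustCompile(`^[0-9]{13,19}$`)

// Tokenize encrypts the PAN, stores it, and returns a random token. The token
// comes from a CSPRNG and is not derived from the PAN, so it cannot be
// reversed, and two tokenizations of the same card are unlinkable.
func (v *Vault) Tokenize(pan string) (string, error) {
	if !panPattern.MatchString(pan) {
		return "", errors.New("PAN must be 13-19 digits")
	}
	raw := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, raw); err != nil {
		return "", err
	}
	token := "tok_" + hex.EncodeToString(raw)

	nonce := make([]byte, v.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	// The token is the additional authenticated data, so a vault record
	// cannot be silently moved under a different token.
	ciphertext := v.aead.Seal(nil, nonce, []byte(pan), []byte(token))
	v.records[token] = append(nonce, ciphertext...)
	return token, nil
}

// Detokenize recovers the PAN for a token. Only code with the vault and its
// key can do this; the merchant database cannot.
func (v *Vault) Detokenize(token string) (string, error) {
	rec, ok := v.records[token]
	if !ok {
		return "", errors.New("unknown token")
	}
	ns := v.aead.NonceSize()
	if len(rec) < ns {
		return "", errors.New("corrupt vault record")
	}
	pan, err := v.aead.Open(nil, rec[:ns], rec[ns:], []byte(token))
	if err != nil {
		return "", errors.New("vault record failed authentication")
	}
	return string(pan), nil
}

// Last4 is the only fragment of the card a merchant needs to show a customer
// which card was charged.
func Last4(pan string) string {
	if len(pan) < 4 {
		return pan
	}
	return pan[len(pan)-4:]
}

// MerchantRecord is all the merchant keeps per transaction: never the PAN.
type MerchantRecord struct {
	Token string
	Last4 string
}

func main() {
	vault, err := NewVault(make([]byte, 32)) // constructed zero key, demo only
	if err != nil {
		panic(err)
	}
	const pan = "4111111111111111" // well-known test number, not a real card
	token, err := vault.Tokenize(pan)
	if err != nil {
		panic(err)
	}
	fmt.Printf("merchant stores: %+v\n", MerchantRecord{Token: token, Last4: Last4(pan)})
	recovered, _ := vault.Detokenize(token)
	fmt.Println("vault can recover:", recovered)
}
```

Two design points carry the security argument. The token is random rather than a hash or an encryption of the card number, so nothing about the card can be computed from it, and a refund against an old transaction needs only the token. Passing the token as AES-GCM additional data means someone who can edit the vault's storage still cannot re-label one customer's card as another's without the decryption failing.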
The number of businesses falling victim to a security breach rises every year. Don’t become one of them — become PCI compliant.