The reality is that to achieve PCI compliance, you have to educate yourself on a variety of security protocols and processes, along with various terminology and acronyms used by the Payment Card Industry Security Standards Council (PCI SSC).
Fortunately, with a little help, you can successfully navigate these waters, achieve compliance, and get back to business. The first thing you need to do is to understand why it’s important and what’s involved; then, all it really takes is 3 simple steps to actually become PCI Compliant.
Why is PCI Compliance Important?
PCI Compliance (also known as Payment Card Industry Data Security Standard Compliance) refers to a standard that was created by the 5 major credit card companies in order to establish a minimum level of data security for businesses that collect customer information.
This standard was put in place to help protect your business, your customers’ information, and the credit card companies from things like hackers, data theft, data loss, and privacy issues, because in today’s world, information is currency, and hackers and thieves will do almost anything to get access to your customers’ data, especially credit card information.
By implementing this Data Security Standard, you are putting proven processes and systems in place to help protect you and your customers from data loss or breaches that can happen to honest businesses, due to a variety of unfortunate situations that most people never even consider until it’s too late.
What happens if I ever get breached?
If you collect, transmit, process or store any credit card transactions (in other words, if you have pretty much anything whatsoever to do with credit cards, whether you’re a local business or an online merchant), you are ultimately liable for any information you collect, and as such are open to a variety of consequences should that information ever be compromised, including:
Legal fees.
Not only do you open your business up to lawsuits, but breach lawyers are very expensive, and the fees can quickly rack up into the tens of thousands of dollars.
Bank fines.
If you’re not PCI Compliant and you suffer a security breach, your merchant bank is going to come down on you for every customer they had to reimburse after the theft or fraud.
Forensic fees.
Before you can continue processing credit cards, your entire system has to be investigated by a forensics team to determine how the information was stolen, and then the breach has to be fixed and tested.
Remediation.
In addition to bank fines, you may be required to provide credit monitoring to your customers for a certain period of time. This can cost upwards of $20-$30 per customer.
Federal audits and fines.
The FTC might get involved if your company was negligent. This could mean investigations into your business and processes, along with fines and regulations that can cripple your business moving forward.
Loss of revenue.
Not only will you be temporarily unable to conduct business after your breach, but the after-effects can cause your revenue to drop. For example, when Target was breached, their profits fell $440 million the following fiscal quarter.
Difficulty processing cards.
Once you’re breached, merchant banks are much more hesitant to process transactions on your behalf, and may deny you or charge much higher fees.
Damage to your reputation.
Even if you get through all of the issues above, you still have to deal with the long-term effects that a breach has on your company’s reputation. There are often news articles and social media posts that linger for months or even years following a breach.
With all of these issues to deal with, it’s no wonder that 60% of businesses that get breached go out of business within 6 months!