If you run a small business, especially in the retail industry, you’ll know how important it is to take credit and debit cards. More customers than ever prefer to pay this way, and being unable to accept a card can sometimes cost you a sale. But with great opportunity comes great responsibility—it’s crucial that you protect cardholder data for each and every sale. That’s where the Payment Card Industry (PCI) Data Security Standard (DSS) comes in. Are you compliant?
If you’re not sure how PCI compliance affects your small business, here’s a quick guide to help you out.
What is the PCI DSS?
The PCI DSS is a set of security requirements, maintained by the PCI Security Standards Council (set up by the major card brands), designed to keep cardholders' most sensitive data safe. Criminals can do a lot of damage with stolen card data, from fraudulent purchases to draining an account entirely, so customers place a lot of trust in you when they hand their card over to pay.
If your business stores, processes, or transmits card data, either in a physical store or online, you’re required to follow the PCI DSS. If you don’t and a hacker takes advantage of your lax security measures, the results can be costly.
What does it matter if you’re not PCI compliant?
There’s a common misconception that hackers aren’t interested in small businesses. They most definitely are, and for good reason—security tends to be weaker. Even if you take only a dozen card payments every month, that’s a dozen sets of customer data that hackers can steal and exploit.
If customer card data is compromised and your business didn't meet the PCI DSS requirements at the time of the breach, you can face steep fines (levied by the card brands and passed down through your acquiring bank), be charged for the cost of the forensic investigation and card reissuance, and even lose the ability to accept card payments at all. But the cost of a data breach can run much deeper. The loss of customer trust can be devastating, and some businesses never recover from it.
What can you do to become PCI compliant?
The first step toward becoming PCI compliant is evaluating your current security landscape and fixing any vulnerabilities. This includes maintaining up-to-date anti-malware software and properly configured firewalls, changing vendor default passwords on payment terminals and network equipment, encrypting cardholder data whenever it is transmitted over public networks, and limiting access to this data to staff who need it for their job. Store as little cardholder data as possible, for as short a time as possible: never keep the full magnetic-stripe contents, the card verification code (CVV) or the PIN after a transaction has been authorised, and make sure the full card number does not end up in places it was never meant to be, such as application logs, spreadsheets or e-mail.
This is not a one-time deal. To remain secure, your business will have to continuously monitor and update its processes to keep its defences tight against attackers. And to acquire and retain PCI DSS compliance status, you'll need to validate your compliance at least annually to your acquiring bank, typically by completing the Self-Assessment Questionnaire (SAQ) that matches how you accept cards and, where required, passing quarterly external vulnerability scans by an Approved Scanning Vendor (ASV).
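One of the most common ways small merchants accidentally store cardholder data is by letting full card numbers leak into application or web-server logs. The example below, added here and not taken from the original article or from any eMazzanti product, shows one way to scrub them before a line is written: it finds 13 to 19 digit runs, confirms they are plausible card numbers with the Luhn check that all major card brands use, and masks everything except the first six and last four digits (the most PCI DSS permits to be displayed). The log lines, function names and the `redact_log` helper are constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes,
# not immediately preceded or followed by another digit.
_PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample log lines (illustrative only): one contains an order number
# that merely looks like a card number, the others contain real-looking PANs.
SAMPLE_LINES = [
    "2024-11-05 12:34:56 INFO order=1234567890123456 card=4111 1111 1111 1111 amount=19.99",
    "2024-11-05 12:35:10 DEBUG gateway request pan=5500-0000-0000-0004 cvv=123",
    "2024-11-05 12:35:11 INFO checkout complete for session 9f3a",
]


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by all major card brands to validate a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep at most the first six and last four digits, as PCI DSS allows for display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_pans(line: str) -> str:
    """Replace every Luhn-valid 13-19 digit run in a log line with its masked form."""
    def _replace(match: re.Match) -> str:
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return mask_pan(digits)
        return raw              # timestamps, order IDs etc. are left untouched
    return _PAN_CANDIDATE.sub(_replace, line)


def redact_log(lines: list[str]) -> list[str]:
    """Scrub a batch of log lines; call this before lines reach disk or a log collector."""
    return [redact_pans(line) for line in lines]


if __name__ == "__main__":
    for line in redact_log(SAMPLE_LINES):
        print(line)
```

Note that the CVV in the second sample line is left alone by this filter; a three-digit value cannot be reliably recognised by pattern alone, which is exactly why it should never be written to a log in the first place. Masking at write time reduces what an attacker can take from a compromised server, but it does not replace removing the data from your logging code, and it does not make stored logs an acceptable place for cardholder data.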
PCI compliance can seem like a lot of work, but it helps keep your business and your customers safe. At eMazzanti, we work with many small retail businesses to help them stay PCI compliant and secure. We can manage the entire compliance process for you, from planning and implementation through to maintenance auditing, so you don’t need to worry. To find out more about Data Security Standard, PCI compliance … get in touch today.