Keeping up with current technology requires that your company be able to receive and process payments in several ways, including live credit card payments and payments made from mobile devices. The company that receives and processes these payments is responsible for keeping its consumers' information secure, which includes protecting them from identity theft, phishing and other threats.
Payment processing standards for protecting customer card data are set out in the Payment Card Industry Data Security Standard (PCI DSS). Any company that holds a merchant account to accept credit card payments must use payment processing systems that are PCI compliant, so that its consumers' financial information is actively kept secure.
What is PCI Compliance?
There are four levels of PCI compliance; the level your company falls into is determined by its annual sales revenue. To be considered PCI compliant, a company must do the following:
- Confirm that its payment systems follow the PCI guidelines on payment security and on storage of sensitive data.
- Thoroughly train employees on preventing data breaches, handling sensitive customer information and reporting any security breach or suspicious circumstance (phishing emails, etc.).
- Keep detailed records, with security controls enforced, so that sensitive customer information, including full credit card details, is not visible, accessible or stored.
- Proactively keep firewalls, virus protection and other security measures up to date to protect customer information from hacker attacks and data breaches.
- If there is a reason to keep files containing a customer's unique credit card identifiers, the company must record why this is the case, with proof, along with a detailed outline of how that sensitive information will be kept safe.
The consequences of non-compliance
There are hefty consequences for a company that ignores the detailed PCI compliance guidelines and is declared non-compliant. Lawsuits and fines are likely to follow, as well as higher insurance rates. The average cost of a single data breach for a small business is around $36,000. That figure does not include attorney fees or any additional liability from lawsuits filed by individual consumers, nor the fines that will be due because of the breach.
Bear in mind that the bigger the company, the more clients and data are at risk, and thus the bigger the data breach overall. Major corporations have experienced severe security breaches that cost upwards of $7 million and compromised thousands of consumers' personal information.
For a small business, a loss of this size can instantly level the company. Not only will it suffer significant financial losses, but its reputation as a trusted business will be damaged as well. With media coverage and social media shares that can go viral, a company can lose standing both financially and in the court of consumer opinion. Companies should therefore ensure that the entire organization remains PCI compliant on an ongoing basis.