How to Keep Your Current Customers and Avoid a Lawsuit or Data Breach
Let’s just jump straight to the point: do you want to be the reason that your customer’s identity is stolen, or their credit card is used fraudulently? We assume that you answered “no” to that question, and if you did, then you should listen up, because every day companies unknowingly do things that could jeopardize their business and result in someone’s personal information being stolen. Many of these behaviors are quite common, leaving stores open to a lawsuit. The good news is that there is a way to change these behaviors, and Acumen Connections can help!
In 2004, a group of credit card companies got together and created the Data Security Standards (DSS), a list of rules that companies should follow if they want to be able to accept credit cards. If you process credit cards or online payments, scammers are going to target your business and attempt to steal customers’ information, regardless of your store’s size or sales volume. In fact, according to the 2019 Data Breach Investigations Report, 43% of data breaches involved a small business! Therefore, any store that processes credit card payments should follow the DSS to be Payment Card Industry (PCI) compliant. The PCI Security Standards Council exists to increase and improve security standards, and the idea is that by following these standards, businesses can take steps to keep their customers safe, as well as their own company. You already know that security is important; after all, it is the reason that you lock up your store at the end of each day. Keeping sensitive customer information safe is an equally important step for business security. Whether you store, transmit, or use credit card information for your sales, you must follow the PCI rules.
Is PCI Compliance Legally Mandated? Do I Need to Be PCI Compliant?
Short answer: no, being PCI compliant is not a legal requirement. Better answer: even though you do not have to worry about criminal charges, you could face steep fines from the PCI Security Standards Council if you have a data breach. You could also lose a lot of sales, seeing as how “69 percent of all consumers are less inclined to do business with a breached organization.” In addition, if you are not PCI compliant, you could lose all payment processing options and never be able to accept credit cards again. If that happens, you might have to hang up signs in your store window and at your register that say “cash only.” Depending on your product or service, not being able to accept credit cards could entirely ruin your business. Adhering to the DSS, on the other hand, helps protect not only your customers, but also you and your store. Think of it as having insurance against customer identity theft or fraud; ultimately, it is worth having.
I Would Like to Keep Accepting Credit Cards. How Do I Become PCI Compliant?
Becoming PCI compliant can take a little work, but it is overwhelmingly worth it in the end. The process starts by filling out a self-assessment questionnaire that contains about a dozen different “yes,” “no,” or “N/A” questions. After completing the questionnaire, you will have to make the requested changes, such as using anti-virus software, shredding documents, locking computers before stepping away, and using unique passwords. There are other steps that your company may need to follow, but these are some of the more common ones. The third step in the process is passing a vulnerability scan completed by an Approved Scanning Vendor. If you pass this scan, then your business is PCI compliant! Verifying your PCI compliance may seem daunting at first, but the Acumen Connections team is here to walk you through the questionnaire in less than ten minutes!
How Does Acumen Connections Help My Store Stay PCI Compliant?
Credit card fraud and data breaches are a real concern, and the security of your business is very important to us. As a company, we strive to be proactive and protect your company data as well as your customers’ information. We contract with Security Metrics, a company that specializes in affordable data security, to help make sure that your company is PCI compliant. We have an online portal available to assist in your annual PCI compliance process. From our online portal, you are able to access your PCI Self-Assessment Questionnaire to analyze your current compliance level. You will need to provide a few pieces of information the first time you log in, including your Merchant ID Number. We are always happy to help answer any questions you may have, and we can even walk you through the entire questionnaire. PCI DSS compliance must be recertified each year, and there is an annual fee of $89 that is billed in December. Companies that fail to follow the DSS will also be charged a fee of $19.95 for every month they are deemed non-compliant. Again, becoming PCI compliant can take a little work, but it is overwhelmingly worth it in the end, and Acumen Connections is here to help the entire time.
What Happens If I Am Not PCI Compliant?
We should not have to warn you about the dangers of not following the DSS and failing to secure your customers’ personal information, but we will go ahead and let you know what could happen anyway. If you are not PCI compliant and you have a data breach, your customers could have their personal and credit card information stolen. Those customers could sue you, and you could face a large fine from the PCI Security Standards Council. Seeing as how a majority of shoppers are hesitant to buy from a company that has had a data breach, you could lose a lot of sales. If you have enough issues with following the DSS, you could lose access to all payment processing companies, and ultimately lose the ability to accept anything except cash, hurting your sales even more.
Want a famous example of when a data breach negatively affected a company in more than one way? Back in 2013, Target had a data breach where attackers stole the personal credit-card information of 41 million customers, including their names, phone numbers, email addresses, payment card numbers, credit card verification codes, and other sensitive data. Shoppers were not happy, and some refused to shop at Target for a while out of fear that their information could be stolen too. Target’s stock fell immediately afterwards, and even now, the company owes those customers $18.5 million for what happened!
Stay PCI compliant so that you can better protect yourself, your customers, and your business from threats like data breaches.
Are you a current Acumen Connections customer that wants more information about PCI compliance? Send us an email at firstname.lastname@example.org and let us know!