Welcome to CardConnect MSP Blog

PCI Compliance Is Mandatory. Are You Compliant?

Since 2005, there have been more than 1 billion stolen records in over 2,000 separate incidents. In most cases, thieves were seeking payment card data.* Clearly, it is imperative that businesses do all they can to protect their payment systems from fraud.

If you think your business is too small for thieves to target, think again. Small businesses are now seen as easy targets. A Visa analysis has found that small merchants accounted for more than 80 percent of data security breaches.** A breach can cost over $200 per compromised record***, and can expose your business to chargebacks, fines from banks or regulators, and loss of your customers’ trust.

Are you doing everything you can to protect your business and cardholder data? Let us help you meet PCI compliance standards to protect your business.

What is PCI DSS?

PCI DSS, the Payment Card Industry Data Security Standard, was created by major credit card companies to prevent fraud. This standard has been around for several years and it works. Between 2005 and 2011, only 4 percent of all breached organizations were PCI compliant at the time of their data breach,*,**** proving that those businesses that take steps to become compliant do prevent fraud.

What Happens if I Don’t Become PCI Compliant?

The object of becoming compliant with PCI security standards is to help protect sensitive cardholder data from thieves. If your business fails to become PCI compliant, you could be putting your business at greater risk from the growing threat of payment card data breaches and theft, which may result in substantial penalties (such as fines from banks, regulatory agencies, and card organizations), fraud and chargebacks, as well as legal costs and lost customers.

Additionally, if you fail to become PCI DSS compliant or to report your PCI DSS-compliant status via a third-party vendor to your merchant services provider, you may also be charged a monthly fee until you do so.

If your business experiences a data security breach, you could even lose your ability to process credit card payments. Perhaps more importantly, you risk the loss of customers. Research shows that 43% of customers who have been victims of fraud stop doing business with the merchant where the fraud occurred.*****

How Can I Become PCI Compliant?

You need to work with a vendor that offers PCI compliance services. They will typically take you through two steps:

  • A self-assessment questionnaire

  • A vulnerability scan

Depending on the complexity of your network, you could be done in less than 30 minutes.

As the processor for your payment card transactions, Ignite Payments NYC offers PCI DSS compliance services through the PCI Rapid Comply solution. PCI Rapid Comply is an easy-to-use online tool that can help you achieve and maintain PCI DSS compliance more quickly and easily.

Of course, you are free to obtain PCI DSS compliance services from other third-party vendors. However, using PCI Rapid Comply means that you are working with a solution that is offered by and integrated with your merchant services provider.

To get started with the PCI Rapid Comply solution:

What Does PCI Compliance Cost?

The answer to this question depends upon the vendor with whom you work. Make sure to ask about costs up-front.

With the First Data PCI Rapid Comply solution, you incur no new or additional charges. The Compliance Service Fee charged to you includes your annual PCI self-assessment questionnaire (SAQ) and quarterly scans, if needed, which are offered in our PCI Rapid Comply solution.

Merchant Experiences: Cost of Card Data Theft

Did you know that a card data theft can cost your business over $100,000? Below, we’ve included case studies and testimonials from small business owners who have had up to $612,000 in losses from data security breaches that were the result of hacking, malware attacks, and phishing scams. Get PCI compliant now to help protect your business from these losses.

Case Studies

TryMedia (TM Acquisition – TryMedia is a division of RealNetwork.)

Seattle, Washington

January 30, 2012

12,456 records compromised

TryMedia’s ActiveStore application was attacked by intruders who were able to intercept and obtain the credit card information of customers. Credit card numbers, expiration dates, security codes, addresses, email addresses, and passwords to user accounts for transactions that occurred between November 4, 2011 and December 2, 2011 were accessed.

Small Dog Electronics

Waitsfield, Vermont

March 3, 2010

Security Breach Method: Hacking

3,000 records compromised

After Small Dog began collecting and matching customer donations for Haiti relief efforts, a hacker breached the website and began stealing customer credit card information. The breach lasted from December 2009 to January of 2010. Three thousand customer records were stolen.

Estimated merchant cost: $612,000

Source: Privacyrights.org

Testimonial

In August 2006, Carla, a small business owner, experienced a data security breach at her restaurant.

“I felt I had been blindsided… I was not aware that could ever happen to me,” she said. “We did end up spending about $120,000 on everything involved, including a forensic investigator, attorneys’ fees… mainly on the fees that we had to pay MasterCard and Visa.”

Carla was shocked to learn that credit card companies have the authority to dole out fines.

Based on a 2010 study, 3 out of 5 small merchants continue to be unaware of their liability in the event of a data breach.****** The study’s respondents didn’t realize the potential ramifications of noncompliance, including potential fines of thousands of dollars and a per-card fee for each card that has to be canceled.

Get PCI compliant now to help protect your business from these losses.

SOURCES:

* Verizon 2010 Data Breach Investigations Report. March 2012

** Visa “Drop the Data” Web Site, 2009.

*** Ponemon Institute 2009 US Cost of a Data Breach Study

**** Ponemon Institute 2010 U.S. Cost of a Data Breach. March 2011

***** Javelin Strategy and Research. June 2009

****** RSPA Publications Small Merchant Data Security Study by First Data and National Retail Federation 2010
