Why PCI Credit Card Security Matters

Like most businesses, you probably have a credit card machine that converts customers' credit cards into profits. But did you know that when you signed up for your merchant account, you agreed to comply with payment card industry, or PCI, security standards to keep your customers' credit card information safe and to avoid the huge fines, lawsuits, and penalties that come with a data breach and PCI non-compliance? Home Depot's credit card breach cost them one hundred and seventy-nine million dollars, and Winners' parent company paid over two hundred fifty-six million.

Unfortunately, most small and medium-sized businesses can't afford the penalties, lawsuits, and loss of customer confidence that come after a breach, so it's no surprise that 60% of hacked small and medium-sized businesses go out of business within six months of a breach.

What about insurance? Cyber insurance is a good way of taking care of residual risk. However, keep in mind that it doesn't always cover you if you aren't PCI compliant. For example, in 2016 the supreme court of Québec decided that Chubb Insurance Company of Canada didn't have to pay out a claim to Aldo Shoes after Bank of Montreal's MasterCard service charged Aldo four point nine million dollars in penalties after a cyber breach because they weren't PCI compliant. It turns out that although cyber insurance covered damages suffered by cardholders, it didn't cover PCI-related fines because they are a contractual obligation between the merchant and the credit card processor. Even if you get PCI cyber insurance, keep in mind that liability is often limited to a hundred thousand dollars. After a breach, even if you had insurance, your credit card processor and insurance companies will likely increase your rates, and you'll suffer a loss of customer confidence.

KPMG found that 52 percent of customers wouldn't feel comfortable buying from a retailer that was breached within the last three months.

So how do companies disclose credit card numbers? Sometimes it is as simple as an unencrypted email. However, it typically comes down to policies, procedures, and training. In particular, employees are not examining payment devices for hardware that criminals use to capture credit card information. Verizon's 2018 data breach report found that 38% of retail breaches involved undetected skimmers and changes to hardware. Fortunately, the solution to all of these is simply education and easily accessible daily procedures.

PCI requires specific policies, procedures, and employee training to avoid these pitfalls. Verizon also reported that 98% of breaches in the accommodations and food services sectors involved point-of-sale attacks, and MasterCard analysis has shown that insecure remote access is the number-one point of entry for attacks against brick-and-mortar merchants. These could be easily prevented by restricting network access and implementing PCI-compliant access restrictions. Unfortunately, many merchants still use the same consumer-grade routers and firewalls in their businesses as they use at home. These devices don't support PCI-compliant access restrictions and are usually difficult or impossible to set up to properly restrict network traffic to block hackers.

Fortunately, ThreeShield offers an instant PCI-compliant solution that includes a firewall with a proprietary configuration to allow your business to function normally without allowing hackers in. We also include a booklet with employee procedures, PCI policies, training, and other PCI requirements that keep your business and customers safe. We even monitor and update the device to catch the bad guys in the act and keep your business safe from future attacks, all this at a price that all companies can easily afford. Subscribe to our YouTube channel for more business cyber security tips, and click our video to learn more about this instant security and compliance solution.