Were you one of the millions caught up in the recent Target or Neiman Marcus data breaches? I was. And I have heard several stories of others who were at a minimum inconvenienced if not cut off completely from using a credit or debit card right before the holidays.
I stood flabbergasted at the register of a local store, holding up everyone else waiting to check out while trying to figure out why my debit card was being declined. It was even more embarrassing to tell the clerk I was sure my account was fine and that there were sufficient funds to cover the bill, knowing full well he’d heard that story many times before.
What I didn’t know then was that my bank had lowered the spending limit on my debit card and ATM withdrawals, trying to limit losses from stolen credit/debit information. Clearly, they were trying to protect me. It would have been nice to know that before I went shopping.
Since then, I’ve heard a lot about what consumers can do to protect themselves and minimize the risk of someone using their information to make fraudulent purchases. But what about local business owners, retailers, service providers and the thousands of companies that accept credit and debit card payments? How can they protect themselves so they don’t end up in the headlines like Target?
At a minimum, businesses of all sizes should do an annual “audit” of their payment systems. Just like your computer network, phone systems and other logistics of your business, the payment process for accepting credit/debit cards needs regular maintenance to ensure it is up-to-date and providing you and your customers with maximum protection.
Many of these data breaches occur because hackers and cyber criminals have found a weak spot in the processing of credit/debit cards. Most companies accept credit/debit cards in one of three ways:
• through a “point of sale” terminal at the register (the device used by checkout clerks to swipe your card)
• collecting the data over the phone or through the mail
• completing a transaction online where consumers enter their credit/debit card information manually.
Each of these methods has weaknesses that you, as a business owner or manager, must know about and protect against. Your liability can go far beyond the original purchase of an item, from fines and penalties to legal action brought against your business.
Before I go into what precautions can be taken to help increase the security of taking credit/debit card payments, I want to outline one industry standard that was developed to help reduce risk of loss and theft of financial information, specifically for payment cards like MasterCard, Visa, Discover and American Express.
The Payment Card Industry Data Security Standard, also known as PCI DSS or PCI, was established in 2006 to “…ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.” While this is not a perfect solution, it does establish a set of protocols that help secure payment information.
If you are dealing with credit and debit cards, this standard applies to you. Ignore it at your own risk. If you work with service providers that are part of the payment processing system for your organization, check to see if they are “PCI” compliant. This one step could save you a lot of hassle in the future if you ever have a security issue involving payments with credit or debit cards.
For more information about PCI standards and FAQs about its implementation, visit pcicomplianceguide.org/aboutpcicompliance.php.
Don Bush is vice president of marketing at Kount, Inc. This is the first of a two-part guest column aimed at helping businesses understand how to shore up their security when accepting credit/debit card payments.