Why Does Compliance Matter?
The electronic payments industry is a complex web of participants who work together to promote and facilitate credit card processing. The card associations, processors, acquirers, merchants, and cardholders are all integral parts of this industry. Each shares responsibility for protecting cardholder information from those who would steal it, abuse it, or otherwise use it fraudulently.
In recent years, there have been numerous advances in protecting cardholder information from getting into the wrong hands. The Payment Card Industry Data Security Standards (PCI DSS), the Fair and Accurate Credit Transaction Act (FACTA) federal law and Triple DES PIN encryption have established standards and requirements for the safekeeping of cardholder information.
These regulatory standards mandate that all entities handling cards and cardholder information, including all merchants, maintain PCI compliance. PCI compliance includes measures such as removing full credit card numbers and expiration dates from receipts, completing self-assessment questionnaires, and running quarterly vulnerability scans to identify potential weaknesses. As the requirements continue to evolve, maintaining PCI compliance is not a one-time achievement but an ongoing requirement.
Some merchants may think their business is too small or their employees too trustworthy to worry about protecting against a breach. Others may feel it is too costly to maintain PCI compliance. However, no matter the size of the merchant, whether it runs one or one hundred thousand transactions per month, compliance is never out of reach, and the costs of a breach and/or non-compliance far outweigh the minimal investment required to be compliant. Consider this – the average cost of a security breach to a small or medium-sized merchant can exceed hundreds of thousands of dollars, and the impact on the merchant goes beyond the financial consequences:
- Forensic investigation of computer or point of sale systems: $10,000 – $20,000
- Card Association fines for non-compliance with the PCI Standard: up to $500,000
- Replacement cards for breached accounts: $20 – $30 per card
- Reimbursement for fraudulent purchases made using breached information, as well as chargeback fees for those transactions
- Loss of business reputation, customer loyalty, and potentially credit card acceptance
- Potential listing in MATCH (Member Alert to Control High-risk Merchants), the card brands' list of terminated merchants, which can prevent the merchant from obtaining a new merchant account
At Merchant Solutions IQ, we are committed to helping our merchants understand and stay current with PCI compliance standards. If you have any questions about your PCI compliance status, please call us at 800-536-1498 to make sure you are meeting all PCI requirements.