Can you afford not to accept credit cards in your store? NO!
Can you afford costs in excess of $50,000 if your system is breached? NO!
Can you afford security? You can’t afford to NOT have a secure system!
If your credit card data is compromised, you will be held responsible for the loss as well as hefty fees and fines. At risk are the direct costs of compromised transactions, penalty fees and the cost of a forensic audit, which runs at least $40,000 to $50,000. For most independent retailers this cost alone can be crippling, to say nothing of the cost in terms of customer confidence.
If you process more than 20,000 eCommerce or 1 million total credit card transactions a year, you are currently required to complete an annual Self Assessment Questionnaire (SAQ) as defined by the Payment Card Industries Data Security Standards (PCI DSS). If you process less than those thresholds, you are a Level 4 retailer but are still responsible for maintaining a secure system. It is recommended that you complete the annual Self Assessment Questionnaire (SAQ) at the minimum, although one may be required by your acquiring bank, if not now, then sometime in the foreseeable future.
Admittedly, when first reviewing these documents and requirements they can be daunting. But the fact of the matter is that it boils down to common sense and reasonable protection of electronic data that every business should have implemented anyhow.
Pay Now or Pay Later
Fear tactics aside (though I hope they worked), a tragedy like this can be avoided with minimal cost. The good news is that the hard costs are not large. The biggest cost is in self-education – understanding how to best protect your organization.
Yes, This Applies to You
Frankly, one could have the budget of the National Security Administration (NSA) and still never be 100% sure of being protected. But staying ahead in the security game is like being chased by a tiger: you don’t have to outrun the tiger, just the poor fellow running next to you. And as more and more companies become conditioned to outrun the fellow next to them, you have to make sure you aren’t the one lagging behind.
Just like preparing for a marathon, you can start to improve your security a little at a time. What is important is that you start. And once started, each progressive gain will be easier, and before you know it you will be in great condition to stay well ahead of the hackers.
In related articles we will provide suggestions and education on various security issues that you need to consider. A good many of them are very simple and inexpensive to implement – and every step you take will help put you one step ahead in the race. This series of newsletters will take you progressively through the steps that will help prepare you to complete your Self Assessment Questionnaire (SAQ) and pass with flying colors.
PCI Data Security Standard Terms & Definitions
PCI-DSS: Card Retention Options and SAQs
PCI-DSS: Security – Password Protection
Yusuf says
As a firewall in a building is designed to prevent structural fire from crossing a physical barrier and causing damage to an adjacent structure, a computer firewall similarly protects one network segment from another. A firewall is designed to permit authorized communications out of a network or network segment while restricting unauthorized inbound traffic. As a firewall in a building has security doors that allow only authorized people use based on assurances that they are properly shut and secure, a computer firewall allows for access in and/or out through “ports” for authorized processes and/or users. Click here to find out more for PCI-DSS