For some small businesses, the idea of taking steps to comply with the Payment Card Industry Data Security Standard (PCI DSS) has either never crossed their minds, or was quickly dismissed as costly and unnecessary. Why invest time and money into complying with standards that barely apply to your business? You only process the occasional credit card transaction, so there’s no need to be overly concerned with security measures, right?

Small Business PCI Compliance

The answer to that question depends entirely on how willing you are to pay hefty fines and lose loyal customers when a cybercriminal steals their debit or credit card information. A small business that handles only a hundred or so debit or credit card transactions each year is just as likely to be targeted by a hacker as a huge department store or retail chain. A hacker looking to make a quick buck will gladly help themselves to the small bit of personal data your business has because your lax security means less work for them.

When a data breach happens, your business faces a series of ugly consequences, such as:

  • The cost of having a forensic investigation completed to find the source of the data breach and determine the number of cards compromised as a result
  • Thousands of dollars in fines from both your bank and from credit card providers
  • Damage to your reputation, a loss of current business, and potential loss of future business
  • The cost of having to invest immediately in new, more secure technology and processes

And these are just some of the consequences that will impact your business. As a direct result of your actions (or inaction), the financial institutions who issued the now-compromised cards are forced to cover thousands in fraudulent charges on behalf of their patrons, and your customers are compelled to go through the process of disputing those charges and having their cards replaced.

At the end of the day, your decision not to bother with PCI compliance puts both your business and your customers at risk.

But PCI compliance doesn’t have to be a huge or costly ordeal. How you process these transactions is more important than how many you process where PCI is concerned. Certain methods come with a higher level of risk than others, which means it’s just a matter of choosing a secure and cost-effective method that suits your business.

If debit and credit transactions are rare, a service like Square is a great solution as the bulk of the PCI compliance burden falls on the vendor, not your business. If you process enough transactions to warrant a dial-up terminal, you’ll need to make sure your connection is secure. Both of these are considered low-risk options.

Businesses that use a POS system on a single main PC and process sporadic debit and credit transactions are a different story, especially when that PC has full, unregulated Internet access. Your PCI risk level is significantly higher, and you’ll need to make sure that:

  • A properly configured firewall secures your PC and network
  • Third-party vendors are tracked
  • Quarterly vulnerability scanning is completed

Securing your POS system and your business’ network can be made much easier with outside help from a knowledgeable and experienced IT support services provider. Finding a professional that is familiar with PCI DSS and understands the risks your business is facing can make all the difference when it comes to protecting your business.

Wondering where your business stands as far as PCI compliance is concerned? For the month of February, RCOR Technologies is offering a Compliance Evaluation and customized plan for continual compliance for only $1395 – $500 off of our regular $1895 fee. Contact us at or (919) 313-9355 to take advantage of this great offer. We’re the IT professionals businesses in Raleigh trust.