I hate to sound like the doom and gloom of credit card processing, but every day I see businesses and merchants of all sizes who don’t truly understand data security and what’s involved beyond swiping a card and getting paid.
But you have a lot of things to worry about. And as long as you make the sale – you feel pretty good about accepting credit cards! One thing most sales reps don’t talk about is your liability with regard to securing cardholder data.
For some time, Visa and MasterCard have had established rules to protect consumers’ cardholder information from breach. Very specific guidelines are in place. You have probably already received information from your processor citing ways you can protect yourself. Take this information to heart regardless of the size of your business. Fines, the cost of the breach, and the investigation of the breach will all fall back on you. If you are breached for any reason, you can see fines and fees up to $50,000 even if no credit cards have been used fraudulently. The investigation will be done – at your cost!
This isn’t just for large Internet merchants, but for anyone using software or a terminal to process credit card transactions. For example, if someone broke into your business and stole your credit card terminal – it could be considered a breach, especially if you didn’t close your daily batch and had transactions housed in the terminal.
There are four easy ways to protect yourself:
1. Call your processor and ask them if the method you are using to process your credit cards is “PCI Compliant”. If not, ask them what to do to become compliant. Sometimes it’s as simple as a new download. Do this if you have a terminal or are using Internet-based software. The key is where the information is being stored and whether it’s being encrypted or tokenized. You don’t want to have any cardholder information residing in your system! This is the single most effective thing you can do to protect yourself.
2. To minimize your exposure, be sure you are set up for “auto-close”. This automatically closes your daily batch at a specified time that you establish. So if you forget, it’s handled. This ensures that there is no transaction information available. The bonus is that batches closed and processed in the first 24 hours receive the lowest possible rates.
3. Do your own research to find out about your compliance responsibilities, using sources such as the Visa, MasterCard and National Retail Federation (NRF) websites.
4. Ask your processor about PCI insurance. It’s typically only a few dollars a month and can cover you for up to $50,000 of fines. Not all processors support this, but it’s worth asking the question.
It’s your liability – You owe it to yourself to become educated and protect yourself.
If you have questions, feel free to email me at [email protected]. I’ll answer your questions and post responses so everyone can learn from your questions.