With recent cybersecurity breaches of companies like Target and Home Depot, big businesses are doing all they can to secure their customers’ credit card information. What many small businesses do not realize is that they are just as likely to be targets for cybercriminals. In fact, due to less secure firewalls and networks, small businesses are often an easier target for hacking.
Here are 4 things you might not know about credit card security and your small business.
1. Cyber attacks on small business are increasing
According to Govinfosecurity.com, cyber attacks on small businesses are increasing at an alarming rate. What this means is that your business could be next. This seems counter-intuitive. After all, surely there are plenty of businesses that have more money and credit card data to be stolen than you do. Cyber criminals will attack the more lucrative business, right?
Although this reasoning sounds good, it is not necessarily true. In fact, the opposite could be true. Smaller and less lucrative businesses often have a much lower level of network security, which makes hacking their payment terminal a breeze. If a system does not have proper protection, hackers can inject malware onto your network from anywhere in the world, giving them instant access to sensitive customer data and credit card information.
2. By accepting credit cards you automatically agree to abide by the PCI DSS standards
The Payment Card Industry (PCI) Security Standards Council maintains a set of credit card security standards, known as the PCI Data Security Standard (PCI DSS), that apply to each and every credit card transaction. If you accept credit cards as payment, then you have agreed to abide by PCI DSS, whether you know it or not. Although many small businesses are not checked for compliance as often as bigger businesses, the PCI DSS requirements are just as strict for small businesses as they are for a Target or Home Depot.
It is important to understand that PCI DSS requirements cover both your network and your POS/transaction system. A lot of small business owners purchase a POS system that is “PCI compliant” and assume that they are safe from cyber threats. But if your network is not secure and compliant, then you can still be hacked with minimal effort.
3. If your small business is found to be non-compliant, you are liable for various fines, fees, and 100% of resulting fraud loss
60% of small businesses go out of business within 6 months of suffering a cyber security breach. The reason is that cyber security breaches are extremely costly, especially if you are found to be non-compliant with PCI DSS standards.
If your small business is suspected of being breached, then your merchant service provider or their bank will initiate a PCI DSS compliance audit. The PCI audit team will then come in and try to determine where the breach occurred, how it happened, and whether you were PCI DSS compliant. If you are found to be compliant, then you are generally off the hook, although you may still have to pay some portion of the audit fees.
However, if you are found to be non-compliant, you are liable for the following charges:
- Data Security Fine – Up to $500,000 fine per security breach incident.
- Non-Compliance Fines – Up to $50,000 per day for non-compliance with published standards.
- Card Replacement Fees – $3-$10 per card, multiplied by the total number of cards compromised.
- Refund Fees – Potentially held liable for all fraud losses incurred from compromised account numbers.
If breached, your business not only risks a severe monetary penalty, you also risk losing the trust of your customers. Often, the loss of customers is the final blow that finishes off an already compromised small business.
4. 20% of small businesses remain non-compliant
According to Govinfosecurity.com, more than 20% of small businesses remain non-compliant with PCI DSS standards and 14% do not know their compliance status. This is a startling and sobering statistic. It means that over 20% of small businesses are at risk of cyber security breaches. With networks and payment terminals that are under-protected, these small businesses are prime targets for cybercriminals. If hacked, the odds are that the fines and fees associated with a PCI DSS audit will be too much for these businesses to survive.
The question is: is your small business PCI DSS compliant? If not, you are at risk of a cyber security breach that could very well mean the end of your business. If the fines and fees do not put you under, the loss of customer support and trust in your business will.
Take the time to make your business PCI DSS compliant. Your business will be much more secure, and your customers can rest assured that you are doing your best to protect their sensitive information.
Author: Jason Rueger is a staff writer for Fit Small Business, specializing in retail small businesses. He is also a solopreneur, operating Rueger Pottery. He creates handmade pottery for sale on Etsy and at local fairs.
Published: November 14, 2014