Every time you swipe a customer’s card, vital unencrypted information is collected and stored in your POS (point of sale) system. Most merchants are harboring unencrypted credit card data and don’t even know it. Over 70% of merchants that had their systems checked for security vulnerabilities were found to be storing customers’ unencrypted data. This is information that the merchant doesn’t even need once the authorization for the transaction is complete. The actual percentage of merchants and small businesses with this data is probably far higher, as the 70% figure only reflects those that bothered to check.
Small business security breaches are on the rise
According to the 2012 Verizon Data Breach study, 72% of reported security breaches were in businesses with 100 or fewer employees. Over the last five or six years, cyber criminals have abandoned targeting big corporations because of their vast security measures. These hackers prefer the easy prey of mom-and-pop shops whose systems are easily breached. See a related story about a small restaurant chain hit with security breaches.
The financial cost of a breach can put you out of business
It is estimated that the loss of revenue to a small business that has suffered a security breach comes in at about $10,000. However, that is only the beginning. Card brands such as Visa, MasterCard and American Express will fine the acquiring bank between $20 and $30 for each card that is hacked. The acquiring bank then passes those fines on to the merchant. On average, 40,000 cards are stolen per breach. Multiply that by $30 per card and a merchant could be facing $1.2 million, just in fines. Furthermore, the merchant is liable for whatever fraudulent charges were made on the card. In addition to the financial devastation that can result from a security breach, the loss of customer trust can ruin an otherwise stellar reputation.
Best practices for securing your data
So what can a merchant do to protect their customers’ data? There are several security measures, such as firewalls, anti-virus software and unique IDs and passwords for each user on the system. Unfortunately, as quickly as new security measures are developed, cyber criminals develop ways to breach them. The best way to ensure you and your customers are protected is with PCI compliance. Merchants who accept credit cards know they are required to make their systems compliant, but what they don’t realize is that it’s an ongoing process. Compliance standards change constantly, and keeping up can be confusing and time-consuming. Many merchants assume that because their credit card processing company’s system is PCI compliant, so is their own system. However, this is not always true.
It’s about more than transaction fee rates
Any merchant who accepts credit cards has undoubtedly received sales calls, mailers and spam emails from credit card processors promising lower transaction rates, no hidden fees, etc. Credit card processing is extremely competitive and full of fly-by-night operations. When choosing a merchant services provider, make sure that they provide ongoing and up-to-date PCI compliance services in addition to competitive transaction rates.
Are you a merchant worried you might have a breach on the horizon? Contact Evolve Systems for a mini audit of your payment-processing platform. Evolve Systems can guide you through the steps to becoming and remaining PCI compliant as well as providing competitive transaction rates.
Has your POS been hacked? How did you recover?