Payment Card Industry Data Security Standards in 2011
While substantial breaches seem to be diminishing as large companies do just that, Payment Card Industry Data Security Standard (PCI DSS) experts point to Level III and Level IV merchants to be at high risk for credit card data theft in 2011. That’s a large number of merchants who’ve been relaxing above the “cloud” of breaches because their “stuff is not worth stealing.”
Just ask a local Ft. Mills, SC restauranteer on the cost of a “small” breach. With an estimated 30 credit card data records stolen at an overall cost of nearly $60,000 – small business owners should be on full alert. The restaurant was a hacking casualty as investigations have turned up no indications of an inside job. The business owner seems to have made all the right moves following SC law in disclosing the breach and making good with customers. Admirable. Costly.
We besiege our fellow business owners and merchants to pay attention. In the ongoing effort to protect merchants, processors and consumers from fraud and inevitably, financial loss, PCI DSS version 2.0 was released in October of 2010. The new standards remind us that with new technology comes vulnerability.
The new version offers more new guidance than costly change and efforts to comply with version 1.2 will easily and directly relate to version 2.0. Naturally compliance with the new version isn’t expected by the card brands until January 2012.
We remind you to adhere to common sense and start with the basics –
- Do not store credit card data. Do not.
- Check your POS equipment and softwares for PCI compliance.
- Check your business processes for security flaws.
These resources will get you started in the right direction for 2011.
PCI DSS for Small Merchants – an excellent no nonsense site to assist the small business owner with payment card industry data security standards.
Privacy Rights Clearinghouse – a wealth of information on state laws, breaches, etc. A must see.
It’s our job to protect the credit card data of customers, like it was our own.