Small Businesses and PCI DSS Compliancy
While most of you are aware of some of the worst data breaches that have occurred in recent months, you may not be aware of just how serious a problem this has become.
96% of systems are not PCI Compliant – While PCI DSS compliancy statistics vary somewhat from industry to industry, the 2013 – 2014 data indicates that between 90% – 96% of all data breaches investigated by the Secret Service and forensic analysis units involved merchants who were not PCI DSS Compliant at the time of the data theft.
95% of all data theft hits small merchants – As an example, VISA, Inc. estimates that about 95% of the credit card data breaches that are reported to VISA or discovered by VISA involve its smallest business customers. This is despite the fact that PCI requirements apply to all merchants who handle payment card data, regardless of their size.
Some of the more common reasons that small businesses are not PCI DSS Compliant are:
- Business principals' attitudes such as: "it can’t possibly happen to me", and/or, "I’ll worry about it if it does happen to me." – The main issue is that if a breach does happen, the costs associated with the breach could easily be tens of thousands of dollars, and could bankrupt many merchants. This could be exacerbated by the loss of long-term and loyal customers.
- Businesses with no IT staff or professional service firms that monitor compliancy or security.
- Unsecured computing environments – Open servers and unsecured intranet/Internet; no firewalls, or improperly secured ones; lack of operating system and application software security patches; no Anti-Virus or Anti-Malware software, or software that is not current.
- Poor Staff Training – Staff using the servers or workstations/registers to surf the Internet and download games and music from sharing sites. This includes staff not being aware of indications of actual breaches.
If you would like to have your computing environment investigated for compliancy, please contact the CCS Retail Systems Sales Department.
-John