According to the PCI Security Standards Council, more than 340 million computer records containing sensitive personal information have been involved in security breaches in the U.S. since 2005, and more than 80% of the attacks targeted small merchants.
Why do thieves target small merchants?
Because small businesses tend to have more lax security standards when it comes to protecting card holder data.
Back in June 2013, we wrote a blog about PCI Compliance for Auto Dealerships. That fact is, the information in that blog post applies to all merchants. READ IT HERE
If you are at fault for a security breach involving card holder data, the fallout and penalties can be severe for your business.
If you accept credit cards, here are 7 reasons why you should care about protecting card holder data:
- At minimum, loss of consumer confidence. If your business is involved in a data breach, consumers may go somewhere else.
- Lost sales. When the news hits that your business has had a data breach, sales can decline dramatically as a result of lost consumer trust.
- Termination of your ability to accept credit cards. The ability to accept credit cards at your business can be revoked by your provider.
- Fines and penalties. The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream until it eventually hits the business owner.
- Legal costs, settlements and judgments. Needless to say, in the event of a data breach, your busineses may be subject to legal action.
- Cost of reissuing new payment cards and subsequent costs of compliance. It is important to be familiar with your merchant account agreement, which should outline your financial exposure.
- Going out of business. Simply by reviewing items one through six in this list, it's easy to see why this can be catastrophic for a small business.
As a merchant, you are at the center of credit card payment transactions so it is imperative that you use standard security procedures and technologies to thwart theft of cardholder data.