Criminals Want Your Customer Data. Here's What Can Stop Them

Shaun Jex

It's hard work to build a strong brand and a solid customer base. If you aren’t careful, all of that effort can be undone in a moment.

If your company accepts credit, debit, or pre-paid cards, it is vital to ensure the associated financial data is kept secure. Making sure that you follow the Payment Card Industry Data Security Standard (PCI DSS) is a straightforward way to protect your business and your accounts from the havoc caused by data breaches. Unfortunately, it is a standard that many still fail to follow.

Only 27.9% of organizations globally are able to ensure full PCI compliance.


Risky Business

Because PCI DSS is not a federal law in the United States, many American companies may not view compliance as a pressing priority. Or, because much of it involves network security, finance departments may dismiss it as an IT problem. In truth, the repercussions of playing fast and loose with customers' financial data affect every aspect of a business.

So, just what is the danger of accepting credit card payments without the proper security in place?

Research indicates that payment data remains the primary target for cybercriminals, with 90% of data breaches being financially motivated.

The impact of compromised data is far-reaching, affecting you, your customers, and the financial organizations involved. At its most basic level, neglecting to properly protect customers' private information can cost you customers and sales, damage relationships with banks, and severely tarnish your reputation.

Payment brands, such as American Express, MasterCard, Discover, and Visa International, may levy fines on an acquiring bank for failure to comply. The fines can range from US$5,000 to US$100,000, and they will likely be passed along until they reach the offending company.

In addition, banks may simply decide to terminate your account or increase your transaction fees.

It is estimated that the average data breach costs US$150 per record.

Organizations may also be forced to compensate customers in an attempt to retain their business. In some cases, you may even face legal action from customers for failing to protect their data.


Getting Compliant

The PCI Security Standards Council was created in 2006 in an effort to improve payment account security during the transaction process. It was built as an independent body by Visa, MasterCard, Discover, American Express, and JCB.

In brief, any organization that stores, processes, or transmits payment data must meet the 12 broad requirements and roughly 200 line-item requirements published on the PCI Security Standards website. This applies to every company, regardless of its size or the volume of transactions it handles.

Under the guidelines, merchants are split into four categories:

  • Level One: more than 6M transactions processed per year
  • Level Two: between 1M and 6M transactions processed per year
  • Level Three: between 20,000 and 1M transactions processed per year
  • Level Four: fewer than 20,000 transactions processed per year

Companies in levels two, three, and four must complete a PCI self-assessment questionnaire and provide an attestation of compliance. These organizations may be elevated to level one if they suffer a data breach. In addition, companies must pass an annual security scan performed by an approved vendor.

Safe and Secure

Making sure your company meets the standards set out by the PCI SSC not only helps protect your customer data but also helps you maintain a reputation as an organization that clients and financial institutions alike can trust. It safeguards you from fines and fees and protects you from the costly consequences of data breaches.

There are a number of practical steps you can take toward PCI compliance, including defending your systems with firewalls and encrypting cardholder data while it is transmitted. You can also restrict access to that data on a need-to-know basis, keep antivirus software regularly updated, conduct vulnerability scans, and perform risk assessments.

An accounts receivable automation solution like YayPay can also aid the process by providing customers with a self-service portal for making payments, allowing them to use the method that best suits their business needs through a PCI-compliant system.

To learn more about how to safeguard your company, read YayPay’s whitepaper “5 Collections Best Practices to Minimize Risk in Turbulent Times”.