The question we field more than any other when talking to small merchants is, “Who is making me become PCI compliant?” The answer is too complicated to simply point at one entity and say, “It’s this guy, right here.” 

In a few states, elements of PCI are law, but for the most part, Level 4 merchants (the smallest merchant type that makes up over 95% of all businesses) do not have to prove their PCI compliance to anyone. Some acquiring banks are running a program with their smaller merchants and forcing them to validate, and the credit card companies have dictated that all merchants must be PCI compliant at all times, even if they only accept a single credit card per year. However, the credit card companies are not currently forcing the merchants to prove their PCI compliance. The issue only comes to a head when a breach happens.

If a merchant loses credit cards, then the whole game changes. The acquiring banks, credit card companies, and law enforcement will be much more interested in seeing proof of PCI compliance. At that point, the merchant involved will need to prove that not only are they compliant at the time of the investigation, but that they had been compliant before the breach occurred. Merchants who have been lax in their compliance will face potential fines, penalties, and other sanctions from the credit card companies. The cost associated with this phase of a breach can easily run into tens of thousands of dollars with $35-50K being the average for a small merchant.

More important than the actual fines is the loss of business. When people learn that their credit card was stolen when they shopped at a particular location, they tend to avoid that location in the future. There are numerous retailers who have lost too many customers to stay in business after the public learned of their breach. After a recent restaurant breach in Texas, the proprietor of Flores Mexican Restaurant is asking the public to forgive him and come back to his business. By his own estimates, he has lost 15% of his revenue after hackers managed to steal credit cards from his point of sale system using malware (malicious software).

Small businesses are a prime target for hackers, and you should never believe that you are too small to be noticed. If you do not take security seriously, it is only a matter of time before you are a victim. It is always easier to keep a customer than to regain the trust of one. If you are a merchant and you are deciding to wait until someone forces you to be compliant before doing anything, then conservatively you should project at least a 15% loss in revenue. Hackers are not going away, and ignoring the problem makes you a prime target.

PCI Compliance & Network Security

Brad Cyprus
Bradley K. Cyprus has more than 20 years of experience in the security industry. He manages the development of in-house solutions to validate compliance, and he is a resource that Vendor Safe customers can rely upon to help interpret the PCI standard.