PCI Oh My: New Study Shows Compliance Can “Make or Break” Merchant Relationships (updated)

Compliance Can “Make or Break” Merchant Relationships

A new ControlScan survey is making the rounds of the financial press, showing that “one in four acquirers say that how they approached Payment Card Industry security standard compliance caused them to lose merchant accounts.”

As one ControlScan exec said, “Easing their merchants’ PCI compliance pain is certainly to the acquirer’s competitive advantage, but for risk reasons, it’s important to actually get the merchants compliant.” That matters because another large breach or hack — with your company in the middle of that unwanted news — will often irreparably damage another critical merchant relationship: the one with customers.

Neiman-Marcus, for example, was ordered just this past week “to pay $1.6 million to settle a class-action lawsuit over a 2013 security breach that exposed the credit and debit card data of about 350,000 shoppers.” The effects of such security lapses often linger for years.

Tips For Easy PCI Compliance

Among the tips for easy PCI Compliance, as summarized by PC World, are:

  • Don’t store Cardholder Data
  • Choose a PCI Compliant Web Host
  • Use a separate network to process payments
  • Secure all mobile card readers

For that last bit of advice, the article suggests that “basically you should ensure the mobile devices are kept physically and digitally secure from theft, unauthorized use, malware, and hacking. Don’t jailbreak or root your device or enable other functions that can make the device insecure, like USB Debugging on Android devices.”

Article on PCI Compliance

As we reviewed our earlier article on PCI compliance, we were struck by this update from GCN, a public sector IT journal. Their article notes that public agencies are increasingly set up to take credit cards for payments — from taxes, to parking tickets, park use fees, and a myriad of other things. Among the reasons given for agencies to also become PCI compliant:

  • It protects citizens’ data and reduces the risk of a data breach.
  • It helps standardize security at different agencies, and even at different levels of government.
  • It can improve the overall efficiency of data flow.
  • It reduces the cost of an eventual data breach.

The article goes on to quote payment vendor Square in noting that “while PCI compliance is not a law, that doesn’t mean being out of compliance isn’t a big deal. In fact, a 2015 Verizon Data Breach Incident Report found that there were almost 80,000 data security incidents this year [2016]. So it’s more important than ever that your payment processing life cycle is secure.”

And as we’ve been reporting, data breaches have only increased since the time frame Square was referring to — indeed, there’s already an increase through the first half of this year. So if you’re not PCI compliant yet, now would probably be a really good time to start.

Preferably before our next update to this article — with a link to an even greater rate of data breaches!