PCI Compliance

PCI Compliance and The Potentially High Costs of a Breach

Let’s talk about PCI Compliance. In the summer of 2019, it came out that Capital One, itself a major credit card issuer, had fallen victim to a breach that exposed the data of roughly 100 million cardholders and applicants. That might seem extreme, but it is only the latest in a series of high-profile security breaches that have resulted in the theft of personal data. In 2018, Marriott discovered a years-long intrusion that exposed the records of up to 500 million guests. In 2014 a breach exposed the payment card data of 56 million Home Depot customers, and a year before that, Target was hit with an attack that exposed the card and personal data of as many as 110 million customers. Other household names that have fallen victim to breaches in that time include Yahoo, Adobe, eBay, Sony, and more.

How PCI Compliance Protects Businesses

The reality is that data is extremely valuable, and anything of value will always be a target for theft. You might be asking what chance your small business has if these behemoths can’t keep attackers out, and it’s a valid question. A small merchant draws less targeted attention than a Capital One or a Target, but opportunistic, automated attacks hit businesses of every size, so the risk is always there. Beyond that, stopping data breaches altogether isn’t realistically possible. Staying fully PCI compliant, however, means that if a breach does occur, your company can show it followed the required controls and guidance, and that significantly reduces your exposure to fines and liability. It is not a guarantee: Target had passed a PCI assessment shortly before its 2013 breach, which did not prevent the intrusion, and the company still paid substantial settlement and remediation costs, only part of which insurance covered. Compliance limits the damage; it does not replace actual security.


What is PCI Compliance?

PCI compliance means a business meets the Payment Card Industry Data Security Standard (PCI DSS), a set of security requirements administered by the PCI Security Standards Council, which was founded by the five major card brands: Visa, American Express, Mastercard, Discover, and JCB. PCI DSS is not a law in most jurisdictions, but every business that accepts card payments and stores, processes, or transmits cardholder data is contractually required to comply as part of its agreement with its acquiring bank and, through it, the card brands. Failing to meet the standard can result in ongoing monthly non-compliance fees on the merchant account, loss of the account altogether, and, in the event of a breach, hefty fines that the card brands levy on the acquirer and pass on to the merchant.


How BAMS Helps Merchants Become Compliant

Becoming PCI compliant requires meeting a specific set of security requirements and following a regular schedule of checks to maintain them. Most small and mid-sized merchants must analyze their current compliance status, complete the annual Self-Assessment Questionnaire (SAQ) that matches how they accept cards (a merchant that fully outsources card handling to a hosted payment page answers a much shorter SAQ than one that stores card data on its own systems), identify any gaps against the 12 PCI DSS requirements, and remediate them. Many SAQ types also require quarterly external vulnerability scans by an Approved Scanning Vendor (ASV). Once that is complete, an Attestation of Compliance (AOC) is signed and submitted to the acquirer, and the merchant is validated for the year. The largest merchants do not self-assess; they need an on-site assessment by a Qualified Security Assessor (QSA) and a Report on Compliance instead. That process can be confusing for some businesses, especially new merchants just entering the world of credit card processing. At BAMS, we understand that confusion, so our reps walk each of our new merchants, step by step, through the compliance process to ensure that everything is done properly and that compliance is achieved with minimal headaches and maximum efficiency.


For more information on how BAMS can help your business get set up with a merchant account that offers you the lowest possible fees and provides the step-by-step assistance you need to ensure full PCI compliance, contact us today to speak to a member of our expert support team.