Point of sale systems make every merchant’s day-to-day activities run more smoothly, so keeping technology up to date and secure is important. It’s not just your business that relies on your system; your customers put their trust in it to keep their data secure as well. Every time shoppers complete a transaction at the terminal, their personal information is sent across public networks. If your business is not PCI compliant for maximum payment data security, you are putting customers and your business at risk.
Breaches are like a perfect storm: they can happen when the system is vulnerable and cybercriminals are looking for ways to steal your data. However, you have some control to stop the storm. It’s a given that hackers and thieves want your data, but you can control whether your POS system is vulnerable. A good place to start is making sure your POS and payment technology meets PCI-DSS standards.
What is PCI Compliance?
PCI compliance refers to meeting Payment Card Industry Data Security Standards (PCI-DSS), which outline how credit card data should be secured and stored. The credit card industry’s big four, Visa, MasterCard, American Express and Discover, founded the PCI Security Standards Council, which regulates the standards. To ensure a high level of payment data security across the industry, PCI security standards include requirements about firewalls, passwords, encryption, employee ID numbers, system access, and data storage and transmission.
Does this matter for my business?
If your business accepts credit cards in-store or online, then PCI compliance pertains to you. There are no varying degrees of compliance; you either are compliant or you’re not. Non-compliance puts you at risk for financial attacks and breaches. Aside from bad publicity and loss of business, these events can hurt your wallet and end your relationship with your financial institution. Fines for non-PCI compliance can run upwards of $100,000 a month from the PCI council.
What do I need for maximum payment data security?
There are three technologies that work together to optimize a payment data security environment:
EMV: EMV technology makes card-present transactions more secure. The changeover to EMV not only changed how people pay with a credit card (inserting chip cards into the terminal, rather than swiping), it also shifted responsibility for fraudulent transactions from the banks to the merchants if the merchants aren’t using EMV-ready technology. That means businesses no longer have the credit card companies’ protection if someone makes a fraudulent transaction; they’re on the hook for those losses. The result of non-compliance can be an expensive lesson.
Tokenization: This technology helps merchants keep payment card data out of PCI scope. Tokenization refers to swapping sensitive data like credit card numbers or personal information with a “token” that is used to complete a specific transaction. Since the data has been converted to a token before being sent over the networks and it isn’t an actual account number, tokenized information doesn’t have any value to hackers and data thieves.
Encryption: Whenever cardholder information is saved or sent over open networks, this data must be encrypted. Encryption converts sensitive information into a code that can only be deciphered with a cryptographic key — which hackers don’t have. Full credit and debit card numbers and other personal information should never be stored or sent over open networks unencrypted.
Payment data security technologies and PCI compliance help protect your business from security breaches. These events are front-page news with long-lasting consequences for businesses, including negative publicity, loss of revenue, and liability associated with the breach. Don’t allow your POS system to be a victim; stay informed and keep your technology up to date.