PCI Compliance
First of all, PCI is an acronym for Payment Card Industry. Secondly, compliance is a matter of adhering to the security standards set by the PCI DSS (Data Security Standards) Council, the organization that was created by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc. This council’s mission is to enhance payment account security by creating and maintaining the PCI Security Standards, as well as fostering education and awareness of those standards.
In other words, in an effort to reduce fraud and keep electronic payment information secure, there are rules to follow. Your equipment or processing software must be current with these standards, and your business must take every precaution possible to keep such information protected. This is why you should NEVER see a full credit card number printed on a receipt, and this is why you must NEVER store credit card information on computers or electronic devices. You must also process your transactions in such a way that hackers cannot access this information at any time.
If you have a specific question regarding PCI Compliance and your business, please contact The Merchant’s Matchmaker © directly or go to the official website of the PCI DSS Council, www.pcisecuritystandards.org. This website is a fantastic resource on the topic, with many FAQs that offer a better understanding of PCI compliance as a whole, and we highly recommend that you visit the site if you’re seeking information.
PCI Compliance is very important to every business owner, regardless of how you do business: retail, restaurant, online, seasonal, mobile, etc. If you accept card payments from your customers, you MUST adhere to the PCI compliance regulations. If you fail to do so, knowingly or unknowingly, and a data breach occurs, you could be fined up to $50,000/month and/or egregious fines of up to $500,000 by the payment brands. These hefty fines would put many small business owners out of business, so please make sure you understand what is required for your specific business to avoid such an occurrence!
All this being said, please make note of the following: there are far too many processing companies, equipment vendors and point-of-sale software retailers that are not being completely honest with merchants. They will tell you that your equipment and/or software is no longer compliant and pressure you to purchase new equipment or software upgrades, often at very inflated prices. They are sadly taking advantage of the fact that few merchants understand this topic or have any resource by which they can determine the truth. This is where The Merchant’s Matchmaker © can really make a difference. Before you buy that new equipment or pay for the software upgrade, call us to find out whether what you are being told is true for your specific business. We will assist you in discovering the truth, with absolutely no obligation and no cost to you! As a business advocate, it is our goal to help you protect your best interests, and sometimes that just means asking the right questions of someone you can trust to be honest and objective. Be proactive, call today!
Data Breaches
There have been many data breaches since card processing began, but people really started paying attention when TJX was hacked in 2007, and then again in 2008 when Heartland Payment Systems was hacked, which, according to the Department of Justice, was one of the largest data breaches ever investigated and prosecuted.
PCI Compliance standards have been in place since card payment processing became mainstream, but enforcement of those standards was lax. As a result of the above-mentioned incidents, PCI compliance awareness became a hotbed of information and activity as processors were forced to take a more proactive role with their merchants. Education took a front seat, and the cost of this has continued to be passed on to the merchants.
Most merchants are now familiar with the term “PCI compliance”, though many are still in the dark when it comes to how it affects their specific business. In addition, most merchants are not happy about the PCI compliance and non-compliance fees they are forced to pay to their processing companies, and they feel that these fees are unfair and often bring them no benefit.
Some processors claim that paying those fees will offer the merchant some level of protection, or an ‘insurance policy’, if you will, in case there were a data breach. In most cases, what is covered and what is not covered are not disclosed until something happens, and then the merchant discovers that there really is no coverage or protection at all, or perhaps very little. Be very cautious not to believe everything you are told, even by your processor. Fine print is king, remember! Always ask for the Terms and Conditions in writing regarding PCI compliance ‘insurance coverage’ and look for the loopholes.
Another misconception passed on to merchants, usually directly by the representatives of their processor, is that the fees are ‘federally mandated’. This is absolutely false! If your processor tells you that the fees are federally mandated when you question them, they are lying or have been grossly misled. The federal government is NOT involved in PCI compliance fees whatsoever! In fact, surprising as it may be, the federal government is not involved in the PCI compliance arena at all. PCI compliance standards are created and maintained by the PCI DSS Council, an organization developed and funded by the major payment brands: American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc.
If you would like more information specific to your business on how to avoid data breaches, how to determine whether your business is PCI compliant, or how to avoid paying PCI Compliance fees, please contact The Merchant’s Matchmaker © and we will be happy to answer your questions and help you find the information you need!
Mobile Device Insecurity
We definitely live in an age of technological genius and innovative progress, but when it comes to transacting card payments or other banking transactions via mobile devices (cell phones, iPads, laptops, etc.), consumers and business owners alike need to be very aware of the lack of security on these devices. Often the manufacturers of the mobile devices and the software developers assure consumers that the devices are secure when, in fact, they are not. Most of them can be easily hacked, even by a novice hacker.
This puts consumers at risk of fraud and identity theft, and it puts business owners at risk of allowing data breaches, which can incur fines of up to $50,000 per month and/or up to $500,000 in egregious fines, assessed to the business owner. This is a very serious matter, and we need to start talking about it!
Most business owners using these devices have been erroneously led to believe that the devices are secure, but some business owners know they are not secure and choose to continue using them anyway because they like the convenience. In either case, the business owner will be the one who is fined if a data breach occurs, not the manufacturer of the device or software. If you read the fine print, their attorneys have the verbiage in place that exempts them from responsibility.
This means that merchants need to be proactive and protect themselves, because no one else is going to protect them! If you need further information about a specific device or software program, feel free to contact The Merchant’s Matchmaker © and we will be happy to assist you in getting the answers you need! And don’t worry, our consultations are free of charge and without obligation! You can call or email, whichever is most convenient! We look forward to being your resource for current and objective information on all things concerning payment processing!