An overwhelming number of small businesses accept credit cards without meeting the PCI compliance requirements.
Online PR News – 14-February-2012 – – PCI Free provides small business owners with a one of a kind free resource, assisting small business owners in obtaining and maintaining PCI compliance. PCI Free elaborates "A security breach can easily lead to big fines, a loss of customers and the elimination of processing payment card transactions." A Non-compliant business can also be held liable for the cost of chargebacks, of reissuing cards and for providing monthly monitoring for the hacked accounts.
One confirmed security breach for a Level 4 merchant (typically a small business) can result in having to meet Level 1 compliance standards. PCI compliance, also known as Payment Card Industry Data Security Standard (or PCI DSS), is a group of requirements mandating all businesses utilize a secure environment to process, store and transmit credit card information. PCI DSS is managed by an independent organization consisting of representatives of major credit card brands.
Small businesses processing less than 20,000 transactions per month are required to meet specific PCI compliance standards. PCI Free remarks "If a business processes just one credit card transaction per year, the business is obligated to be PCI compliant. If a company's payment process contacts secure credit card data, the company is required to meet PCI security standards."
A study by Bank of America shows small business merchant accounts are the highest security risks; many small businesses feel they can't afford to place a stronger emphasis on security or simply don't have the IT expertise to enhance security. Visa Card reports over 80 percent of its non-compliance issues came from level 4 merchants.
A common question among small business owners who operate multiple locations is whether each location is required to comply individually. It's not necessary, if each location operates and processes payment card transactions using the same taxpayer ID or EIN. These small businesses only have to validate their PCI compliance once a year and all locations are generally covered by it. A potential requirement includes passing quarterly network scans by PCI SSC approved scanning vendors and this typically needs to be done for only one location.
One of the main reasons for implementing PCI standards is many small businesses take security too lightly. For example, some small business owners use their main server for a variety of risky activities such as surfing the Internet, playing games, using chat software or utilizing person-to-person downloading utilities - all of these activities are risky for businesses which store vital credit card information and personal information on their servers. These activities can result in theft of customers' financial and personal data.
The cost associated with non-PCI compliance is substantially higher than the cost of meeting PCI compliance standards. The PCI standards consist of common sense rules. Non-PCI compliant small businesses risk a huge loss in terms of time and money when security is breached.
Free PCI provides free compliance solutions and resources for small business owners. Merchants and small business owners can find easy to understand guides, simplified compliance procedures along with PCI compliant merchant processing solutions.