PCI Compliance a Concern for Small Businesses
Mobile processing capabilities mean a lot to small businesses. They let an entrepreneur accept payments on the go and compete with larger companies at low cost, with built-in marketing and sales-tracking features as a bonus. What many small businesses don't realize is that the same industry requirements apply to mobile card readers as to traditional point-of-sale terminals. These requirements come from the Payment Card Industry Data Security Standard (PCI DSS), which the card brands enforce through your merchant agreement with your acquiring bank. They are not an optional concern, whether you have one employee or thirty.
Even if you process only a single card transaction a month, you are still required to comply with PCI DSS and to validate that compliance (for most small merchants this means completing a self-assessment questionnaire, or SAQ, each year), and the process can be intimidating. A recent study reported that more than 80 percent of companies were only about 80 percent compliant with PCI DSS, and that reaching full compliance would take several more months.
How to Remain Compliant
There are several things you can do to make sure you stay in compliance. The first is to identify all of the data you hold, both your own business data and your customers' data, and understand how critical and sensitive each kind is. In PCI DSS terms this is scoping: the standard applies to the cardholder data environment, meaning every system that stores, processes, or transmits cardholder data, plus any system connected to those. Scope too broadly and you will spend yourself into bankruptcy assessing systems that never see card data; scope too narrowly and systems that really do handle card data go unassessed and unprotected.
Next, make sure that your mobile processing service is itself compliant. Any system that touches cardholder data in any way must meet PCI DSS, so ask your provider for its current Attestation of Compliance rather than taking a marketing claim at face value. If it cannot produce one, switch services. In addition, make sure that any servers of your own that store or transmit cardholder data are in scope and meet the standard. The less card data your own systems ever see (for example, by using a reader and gateway that encrypt card data before it reaches your devices), the smaller your scope and the less there is to assess.
Be sure that you have controls in place to protect the confidentiality and integrity of your cardholders' data, and have a plan in place to respond to any security breach quickly and decisively; PCI DSS requires a written incident response plan (Requirement 12.10), and it must be tested, not just filed. All of your employees should know the security procedures and the response plan, with their responsibilities in case of a compromise clearly defined.
Remember, the minute you handle a credit or debit card, or the minute a customer enters card data in your online store, you are responsible for PCI compliance. Failing to comply can mean fines from your acquiring bank, liability for fraud losses after a breach, and ultimately loss of the ability to accept cards at all, and for a small business that can be disastrous.