This is the last in a series of four brief summaries about what small business owners need to know about data breach risk and liability.
If you’re a business owner, it’s important to do what you can to protect the payment information in your possession in order to protect your business. The first step to take is to become and remain compliant with PCI DSS. If you follow the prescribed measures for data security, you’ll vastly reduce your risk of a data breach, and possibly reduce your liability in the event of a breach.
The PCI Security Standards Council is the official source of everything you need to learn about PCI DSS. Some of the requirements are quite technical, so it may benefit you to consult with a security specialist to implement all the protective measures. Afterward, it’s important to have an independent Qualified Security Assessor validate your PCI compliance status. Such an assessment is required annually anyway.
While the PCI DSS guidelines are quite thorough, there are additional security measures you can implement to vastly improve your security long-term. Two technologies in particular address many vulnerabilities in the payment process: encryption and tokenization.
Encryption changes a card number from plain text into a non-readable form called cipher text. A software key is required to decrypt the information and return it to its original plain text format. Tokenization is the process of substituting a token (or alias) as a replacement for a real credit card number. Your merchant service provider can advise you on how to use these technologies in your payment system to greatly reduce your risk of a data breach by rendering the data in your system unreadable and unusable by cyber-thieves.
One more component of safety that is designed to help prevent the fraudulent use of cards at the POS is chip and PIN technology. Make sure you have the equipment and processing capabilities to accept the new EMV cards that issuers are beginning to distribute to their customers. These cards can generate a one-time code for each transaction, making them more secure than traditional magstripe cards.
As a successful merchant, you want to focus on serving your customers and expanding your business. You don’t want to lose sleep over concerns about data breaches and liabilities that can harm your business.
You can read more in Payment Card Data Breaches: What You Need to Know About Your Risk and Liability.