You may be fluent in the language of PCI DSS, but what you may not know is what it means for you. Whether you’re a software provider, a small business or a nonprofit, it’s important to know about card data security. Check out how security vulnerabilities allowed Target’s payment processing system to be breached, then download our free guide to better understand all things PCI.
Any merchant can be victim to a data breach. We know large organizations suffer from breaches—Target’s December 2013 breach which led to data theft of 40 million credit and debit cards was, unsurprisingly, highly reported on. But small businesses should know that being small doesn’t make them immune to breaches. Often, smaller merchants are more likely targets. For example, those in the hospitality industry are often breached because they used solutions that didn’t do enough to reduce their PCI scope, or because they used those solutions incorrectly.
There are always new ways to hack into systems. Target was breached through hackers who stole login credentials from its HVAC contractor and used that access to break into its network. It’s hard to believe something as innocuous as an HVAC system could lead to such a high-profile security breach, but the future may hold even more instances of everyday objects being used as a jumping point for data theft. The Internet of things (IoT), or the inter-networking of devices, vehicles and buildings has created a new industry in hacking. For instance, in 2017, an industrial dishwasher was discovered to have a vulnerability that allowed attackers to access the device and use it as a bouncing point for compromising other devices on the same network.
A data breach is incredibly expensive. Target paid $39 million to banks and card companies to settle lawsuits filed over the cost of replacing more than 17 million cards as a result of its data breach. A company financial statement revealed the breach cost $252 million in total. A small merchant facing a breach will find themselves fielding technical questions from their bank, processor and card brands. A breach can lead to a merchant needing to hire a forensic auditor, and the possibility of $5,000/month in fines from card brands until they are back in compliance. For a small business, these costs can be crippling.
…and it costs more than just dollars. Harder to measure than lost money is lost consumer trust. And this lack of trust has a noticeable impact on an organization’s bottom line. So when it comes to security, better safe than sorry.
Protecting your business or organization is a matter of putting the right measures in place. Encryption and tokenization are two of the tools that can help increase card security. PaymentSpring’s gateway utilizes both, and that’s just one of the ways we look out for our merchants.