Sounds like a horror movie, doesn’t it? Sadly, it is reality.
Every day I see more and more businesses being “sloppy” about PCI compliance (that's Payment Card Industry, if you’re a little more than sloppy...).
- Some have all of their clients' credit card numbers on an Excel spreadsheet anyone can get to...
- Some have a binder with all of their customers' credit info so they can charge them on a recurring basis without having to call...
- Some even have a customer’s credit card number written on a basic invoice by one of their technicians, who later brings it to the shop to be charged...
All of these are a big no-no that can result in fines anywhere from $90 to $500,000 and possible civil litigation from the consumer on top of that!!
In 2006, 40% of businesses that reported breaches had them come from contractors, employees, and business partners.
So how do you protect yourself?
- Protect stored cardholder data
  - If you have to keep customers' credit info, do it the smart way. This means no paper records or folders full of the info. Use the computer. It's kind of a useful tool...
- Encrypt the data
  - The easiest way to do this is to use a payment processing system that already has encryption built in, preferably one that stores the data in a web-based system. That way it is never physically in your possession.
- Assign a unique user ID to each person that may have access to the data
  - This does 2 things. One is that not just anybody can access the data. Two is that if something does happen, you can more readily find the culprit.