“Hello, this is Ski Bank. We’re calling because an unusual purchase has shown up on your credit card. Can you confirm that you purchased a hot tub time machine for $8,000 yesterday?”
Unless you love recreating ridiculous plot lines from your favorite movies, a phone call like this will probably cause a pit in your stomach and hours of heartache to protect your finances. Receiving a notice that your credit card number has been stolen and is being used by someone else is frustrating, to say the least.
Over the years, companies have fallen victim to data breaches and leaks, causing their customers’ data – from email addresses to passwords to bank account and credit card numbers – to become available to those with bad intentions. A few recent examples include a Facebook security vulnerability that resulted in 530 million users’ information being leaked to the public (which cost them a $5 million fine) and a Best Buy data breach that resulted in millions of customers’ payment information being stolen and used by bad actors.
Think data security breaches and leaks only happen to big businesses where standards get lost due to the size of the company? Think again. According to the PCI (payment card industry) Security Standards Council’s Guide to Safe Payments, small businesses are prime targets for data hacking, with 50% of small businesses breached in the last year.
How would your customers react if they knew their information was stolen because of a security vulnerability or data breach at your company? If you have a lump in your throat thinking about this risk, and are wondering what other risks you may have that you haven’t thought about, I’m here to serve as your risk assessor. I’ll help illuminate those areas where you can reduce risk, save money, and secure peace of mind.
Why Privacy And Security Should Be A Top Priority
Privacy and security should always be a top concern for any company. Not only is it in the best interest of your customers, it’s in the best interest of the future of your business as well. You don’t want your customers to feel betrayed or let down by your lack of security measures. Every customer wants to know that their interactions with you are safe. Your business could be sued, and/or you could receive fines for negligence or for not adhering to PCI guidelines. Once news of the problem spreads, you’ll potentially lose customers, or customer satisfaction, and that will tarnish your brand’s reputation.
No Cost Strategies To Avoid Being The Next Data Breach Victim
Data breaches and leaks require costly clean-up in more ways than one. So how can you protect your business from damaging data vulnerabilities?
Overall, the best rule of thumb is to collect as little data as possible from your customers. If you don’t absolutely need it in order to do business, then don’t collect it. If you do have to collect it, don’t hold on to it longer than you need to. For example, some businesses delete all customer information after 6 months of activity with their business.
Virtually all businesses have to collect payment information in this day and age when cash isn’t used much anymore. Here are a few wise, no-cost-to-implement tips to keep your company PCI compliant.
Install a button on your website that lets customers pay their invoices securely by going directly to your merchant processor’s website. Whoever you use as your merchant processor should be the one handling your customers’ payment information, not your business. Keep minimal payment records and keep them off your business’ assets as much as possible. That way, if there is an issue, it’s not with you, it’s with them.
If someone calls and gives you their number over the phone, have the employee process it directly using that button on your website so you aren’t writing it down or storing it in an electronic document. In fact, consider not taking credit card information over the phone at all, and instead direct customers to enter it online themselves.
Avoid writing credit card numbers down on paper. If you absolutely do have to write one down, shred the paper as soon as the payment has been processed. Avoid saving credit card numbers in your data systems at all costs. I’ve seen people take images of credit card numbers and keep them in a shared drive, or manually input them into Excel sheets with hundreds of credit card numbers in column E. While I love Excel, it is not the place for payment information! If you do have to keep information for accounting purposes, only keep the last four digits to help with payment and order tracking.
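The audit the tips above call for starts with finding out where full card numbers are already sitting in your files, and then replacing them with the last-four form the paragraph recommends. The script below is an added example written for this article, not code from the original post or from the PCI Security Standards Council: it scans exported spreadsheet rows for digit runs that look like card numbers, confirms them with the Luhn checksum that real card numbers satisfy, and reports each hit by line number and truncated form only, so the audit report never becomes another copy of the data. The sample rows and the function names (`find_pans`, `truncate_pan`, `audit_lines`) are constructed for this example; the card numbers in them are the public test numbers payment processors use, not real cards.

```python
import re

# A card number typed into a document is 13 to 19 digits, optionally broken up
# by spaces or dashes ("4111 1111 1111 1111"). The lookarounds stop the match
# from starting or ending in the middle of a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample rows, as exported from a spreadsheet to CSV. The numbers
# on rows 1 and 2 are public processor test numbers; row 3 is a 16-digit
# tracking number that is not a card; row 4 was already truncated.
SAMPLE_LINES = [
    "Acme Corp,INV-1042,4111 1111 1111 1111,paid",
    "Beta LLC,INV-1043,5555555555554444,paid",
    "Gamma Inc,INV-1044,1234567890123456,pending",
    "Delta Co,INV-1045,****1111,paid",
]


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum.

    Every real card number passes it, so it filters out phone numbers,
    order ids and tracking numbers that merely have the right length.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return the card numbers found in text, as plain digit strings."""
    hits = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits


def truncate_pan(pan: str) -> str:
    """Keep only the last four digits, the form the article says to retain."""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]


def audit_lines(lines: list[str]) -> list[tuple[int, str]]:
    """Scan each line and report (line number, truncated number) for every hit.

    The report deliberately carries only the truncated form: an audit file
    that lists full card numbers would itself be a record you must protect.
    """
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for pan in find_pans(line):
            findings.append((line_no, truncate_pan(pan)))
    return findings


if __name__ == "__main__":
    for line_no, masked in audit_lines(SAMPLE_LINES):
        print(f"line {line_no}: full card number present, keep only {masked}")
```

Run it over a CSV export of any sheet you suspect, one row per line. Two rows in the sample are flagged (the two real-format card numbers), the tracking number on row 3 is ignored because it fails the checksum, and row 4 is ignored because it already holds only the last four digits. Two digit runs that touch each other with only a space between them are read as one candidate, so a false negative is possible on very dense rows; splitting the row on its column separator first avoids that.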
You may also consider securing cyber liability insurance. While this obviously isn’t a free strategy, it makes sense for some businesses depending on their data collection processes.
Are your business’ procedures for processing credit card payments as secure as they could be? Do an audit of your strategy and adjust whatever you need to so that your business and your customers are protected.
A Little PCI Compliance Secret To Save You Money…
Many small businesses may not realize that they are paying a higher tier of merchant processor fees/rates when they first begin operation. If you can prove that you are in PCI compliance and that you are mitigating your (and their) risk, you can reduce your rate! Depending on how many credit cards you process and how much revenue your business is bringing in, this could save thousands of dollars each month.
If you want to see more details about PCI compliance and standards, review the Small Merchant Guide To Safe Payments.
Is Your Company PCI Compliant?
If you weren’t aware that this could be a risk for your company, there may be other areas where you need support to uncover potential problems and proactively protect your business and your customers. I’m here to help you identify possible risks to your business and help you mitigate them. Contact me today for a consultation.