Cybersecurity and Data Privacy
April 12, 2022
Choosing to accept credit and debit card transactions as a convenient form of customer payment comes with a responsibility to comply with card brand rules for protecting cardholder data. These rules, the Payment Card Industry Data Security Standard (PCI-DSS), are maintained by the PCI Security Standards Council founded by Visa, MasterCard, JCB, American Express and Discover, and they include annual employee training on how to properly accept, transmit and store card data and how to report card fraud and data breaches.
Every company that accepts, processes, stores or transmits credit and debit card data must comply with PCI-DSS, regardless of transaction volume, the channel used to take card information (in person, over the phone or online) or the size of the business. Beyond its technical requirements, PCI-DSS (Requirement 12.6) requires merchants to “implement a formal security awareness program to make all personnel aware of the importance of cardholder data security” and to educate personnel “upon hire and at least annually.”
According to Fundera, 80% of consumers prefer to pay with credit or debit cards over cash when making purchases. When a customer hands a payment card to a business, it becomes the merchant’s responsibility to protect that card data so it cannot be used for fraud or identity theft. When merchants fall behind on PCI-DSS requirements and training, the risk of card fraud and data breaches rises.
A 2021 Verizon Payment Security Report found that 72% of companies failed to maintain PCI-DSS compliance year-round. In ten years of forensic investigations of payment card breaches, Verizon’s investigators have never found an organization that was fully PCI-DSS compliant at the time its data was breached.
Here are 4 reasons why merchants should ensure employees complete annual PCI-DSS training:
- Annual PCI-DSS training is mandatory for compliance
Awareness training is a business’ best defense against card fraudsters and network intruders because it keeps employees vigilant in safeguarding cardholder information. Required PCI-DSS training for employees with access to card data promotes a security-conscious culture, reinforces best practices for handling cardholder information securely, and teaches staff to detect and report suspected fraud and data breaches.
- PCI compliance protects the merchant
Credit card fraud is a multi-billion dollar crime. Handling cardholder data securely helps defend against card fraud and against network attacks by hackers looking to steal cardholder data. It also strengthens brand reputation by demonstrating that the business puts customer safety first.
- PCI compliance protects a merchant’s customers
Having their credit card information stolen by hackers remains a top worry of consumers. Protecting cardholder payment information builds a trusted merchant-customer relationship that keeps customers coming back.
- PCI non-compliance can be costly
A non-compliant business can face fines of $5,000 to $100,000 per month, passed down through its acquiring bank, or lose its payment processing services altogether. A business found liable for fraud resulting from a breach must also compensate customers for their losses, as well as the cost of credit monitoring, identity theft insurance and card replacement. Non-compliance can further damage community standing and lead to lawsuits and other penalties.
The Payment Card Industry Data Security Standard (PCI-DSS) is a global set of security requirements that merchants and their employees must follow when accepting, transmitting and storing credit and debit card data so that cardholder data stays protected. Training employees annually on PCI-DSS safeguards and best practices benefits merchants and their customers by defending against card fraud and data breaches.