We hate to be the bearers of bad news, but compliance with the Payment Card Industry Data Security Standards (PCI DSS) designed to guard against breaches of consumer card data continues to be problem for small merchants. Consider the results of a recent poll by the Payment Card Industry Security Standards Council, which found that only 29% of small business owners were truly aware of the PCI compliance standards and only 11% were actually in compliance. Meanwhile, statistics released by Visa USA indicate that more than 80% of its non-compliance issues originated the smallest merchants.

Sure, it costs money to become PCI-compliant, but these expenditures pale in comparison to the price of non-compliance. For one thing, the tab for non-compliance begins not when a data breach actually happens, but at the moment a store, restaurant or other establishment is suspected of having experienced one. Depending on the complexity of systems involved, a mandatory forensic investigation by PCI DSS-certified security examiners can bring a business to a halt for several days to several weeks, interfering with sales, profitability, and productivity.  And who gets stuck with the bill for such an examination, no matter its outcome? The merchant or restaurateur, that’s who. And the “damage” can range from $8,000 to $20,000, depending how deeply investigators had to dig and how many different systems they evaluated.

Adding insult to injury, if examiners discover that a breach has indeed occurred, the affected merchant will bear other expenditures, including $3 to $10 per replacement card per individual whose card data was breached; $5,000 to $50,000 or more in compliance fines; and other fines for actual fraudulent use of compromised card numbers. In short, non-compliance expenditures are significant enough to ruin a small business very fast.

The good news:  adherence to the PCI DSS provides a safe harbor from many of the above-mentioned fines and penalties levied, as long as the operator whose system was breached was PCI-compliant at the time of the incident.  At pcAmerica, we take the security of customer card holder data very seriously. To find out more about pcAmerica’s PCI compliant software and how to achieve PCI DSS compliance, visit www.pcamerica.com.