PCI Compliance: What You Need To Know

A common misconception by many businesses is that they simply don’t need to worry about PCI compliance. This couldn’t be further from the truth. If you accept credit cards, you are required to be PCI compliant. If you are not, your dealership can face steep fines.

You are solely responsible for securing your customers' cardholder data to meet Payment Card Industry rules. Small businesses are prime targets for data thieves; in fact, they are among the biggest targets because they are the easiest targets. It’s your job to protect cardholder data at the point of sale. If cardholder data is stolen and the fault is yours, you could incur fines, penalties, even termination of the right to accept payment cards, which could have major consequences for your dealership.
Why does PCI Compliance matter for your dealership? According to the PCI Security Standards website, more than 340 million computer records containing sensitive personal information have been involved in security breaches in the U.S. since 2005. Criminals target independent merchants because most have minimal security for cardholder data. More than 80% of attacks target independent merchants.

If you are at fault for a cardholder security breach, your business can face:

1. Fines and penalties

2. Loss of the ability to accept payment cards

3. Cost of reissuing new payment cards

4. Legal costs

5. Fraud losses
What Should You Secure? Focus first on protecting the cardholder data under your control. You are responsible for protecting cardholder data at the point of sale, and as it flows into your credit card payment system. The single best step you can take is to not store any cardholder data outside of a secure payment gateway.

PCI Compliance Protection needs to include the following:

1. Card readers

2. Point of sale systems

3. Store networks & wireless access routers

4. Payment card data storage and transmission

5. Payment card data stored in a paper-based record

The PCI Security Standards website is an invaluable resource for businesses working to be PCI compliant. Their suggestions include:

1. Use only approved PIN entry devices at your point-of-sale.

2. Use only validated payment software at your POS or website shopping cart.

3. Do not store any sensitive cardholder data on computers or on paper.

4. Use a firewall on your network and PCs.

5. Make sure your wireless router is password protected and uses encryption.

6. Use strong passwords.

7. Regularly check PIN entry devices and PCs to make sure no one has installed rogue software or “skimming” devices.

8. Teach your employees about security and protecting cardholder data.

9. Completion of the annual Self-Assessment Questionnaire (SAQ) is REQUIRED, and a quarterly or annual “Network Vulnerability Scan” may also be required.

The bottom line is that PCI compliance DOES MATTER no matter what the size of your business. We understand that it can seem cumbersome, but that’s no reason to put it off or ignore it. The livelihood of your dealership may be at stake if you suffer a data breach.

–Brought to you by Novera Payment Solutions.

For more information on securing payment processing and cyber data read Cybersecurity Basics.
