January 2014 ~ Volume 1

PCI Issues Should be as Important as Protecting Customer Health

Retailers spend thousands of dollars a year to protect their customers from food safety issues, bad or harmful products and other issues that might void the trust their clientele places in them.

Yet many merchants still are not sufficiently protecting their patrons' payment card data, a measure that also promotes trust and customer loyalty and ensures that customers feel safe spending money in their stores.

"Customer goodwill is what is important to them (retailers)," said Sword & Shield Payment Card Security and Compliance Practice Lead Brad Shifflett.

The Payment Card Industry (PCI) Security Standards Council says that compliance with PCI regulations is vital for all merchants who accept credit cards, online or offline, because, "nothing is more important than keeping your customers' payment card data secure."

Shifflett said that, in addition to the loss of trust, merchants also risk paying high-dollar fines that could drastically hurt the bottom line and could even put some smaller companies out of business.

Sword & Shield Principal Consultant John Harmon points out that budgeting for a proper PCI assessment is actually less expensive than trying to clean up after a public relations disaster like the issues the retail giant, Target, is facing after learning of a Point-of-Sale data breach.

"If you've been selling bad gasoline that breaks people's cars, no one will want to come to your store," Harmon said. "They would rather wait in lines around the block at (another gasoline station) than come to you."

In 2013, Symantec Corporation and Ponemon Institute estimated that organizations in the United States, on average, spent $188 per record when their networks or data were breached. The figure includes fines, loss of customer trust and loss of business.

Sword & Shield analysts recommend a holistic approach to protecting your customers' data, which includes a risk assessment to identify threats and vulnerabilities, a Report on Compliance (ROC), quarterly scanning by an approved Authorized Scanning Vendor (ASV) and a gap analysis that reviews a company's security processes and controls.

"You also need to know how to stop it as soon as possible should you detect a breach," Shifflett said. "Everyone has the potential to be hacked. It's important that logging and monitoring be in place so that Visa isn't the one who has to notify you in the event of a breach."

Sword & Shield works with customers to help them understand PCI requirements.

"We help you avoid making the news," Harmon said.