Payment Card Security Revisited

October 4, 2018 / By Barbara Weltman

Nearly half of all data breaches are aimed at small businesses and occur through the acceptance of credit cards. Last year we posted a blog on this topic and want to update it in light of the Verizon 2018 Payment Security Report (you have to give your name, email, and company in order to download it); here’s an executive summary of the report. Some of what follows repeats the prior blog, which, judging from the Verizon report, was not taken too seriously by many businesses.

Trends in payment security

The Payment Card Industry Data Security Standard (PCI DSS) helps businesses that offer card payment facilities protect their payment systems from breaches and theft of cardholder data. The Verizon report found that for the first time in 6 years, payment security compliance was down. In 2018, only half (49%) of organizations worldwide are leveraging PCI DSS compliance efforts to meet other security requirements.

Compliance protocols

All organizations, including payment service providers, merchant processors, online merchants, and face-to-face merchants, that store, process, or transmit payment card data are mandated by VISA, MasterCard, Discover, American Express, and other payment brands to comply with PCI DSS Standards. These are standards created by the PCI Security Standards Council, which was founded in 2006 by American Express, Discover, JCB International, MasterCard, and Visa.

There are 12 key requirements to being secure (some are technical while others are basic business practices):

Goals and PCI DSS Requirements

  • Build and maintain a secure network and systems
    1. Install and maintain a firewall configuration to protect cardholder data
    2. Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect cardholder data
    3. Protect stored cardholder data
    4. Encrypt transmission of cardholder data across open, public networks
  • Maintain a vulnerability management program
    5. Protect all systems against malware and regularly update anti-virus software or programs
    6. Develop and maintain secure systems and applications
  • Implement strong access control measures
    7. Restrict access to cardholder data by business need to know
    8. Identify and authenticate access to system components
    9. Restrict physical access to cardholder data
  • Regularly monitor and test networks
    10. Track and monitor all access to network resources and cardholder data
    11. Regularly test security systems and processes
  • Maintain an information security policy
    12. Maintain a policy that addresses information security for all personnel

Source: PCI Security Council

How to become compliant

According to the Verizon report, only 40% measure their PCI compliance annually for compliance validation purposes. Less than a quarter (19%) measure and report their PCI DSS compliance monthly. If you are concerned about payment card security for your business, review your current security measures.

  • Understand the 9 factors of control effectiveness and sustainability. These factors were developed by Verizon to help meet the 12 key requirements discussed earlier:
    1. Control environment
    2. Control design
    3. Control risk
    4. Control robustness
    5. Control resilience
    6. Control lifecycle management
    7. Performance management
    8. Maturity measurement
    9. Self-assessment
  • Do a self-assessment of your cardholder data using PCI’s Self-Assessment Questionnaire.
  • Talk with your IT person. Hopefully, the person is versed in PCI DSS. If not, they should be able to refer you to someone who is. As an aside, my IT person told me that it’s easier for small businesses to be compliant because the tech stuff is easy to handle and the non-tech stuff (e.g., limiting personnel who can access computers) is better controlled in small companies.
  • Work with your credit card processor. Your bank or other credit card processor is your active partner on PCI DSS compliance, and should be an excellent resource to assist you in becoming and remaining compliant.
  • Work with a national PCI DSS expert. Once this expert certifies that you’re compliant, the costs of dealing with a data breach will be far less than if you were noncompliant.

Conclusion

Consider carrying cyber liability coverage for protection, but be sure to check whether data breaches are explicitly covered. Learn about PCI DSS compliance with this helpful guide.
