The security of cardholder information is important to both your customers and your business. In fact, since 2005, there have been more than 1 billion stolen records in over 2,000 separate data breach incidents – with payment card data being the theft target in 48 percent of all breaches in 2011 alone.1 And yet, only 4 percent of all breached organizations were PCI compliant at the time of their data breach.2,3
Are you doing everything you can to protect your business and cardholder data?
What Is PCI DSS?—Watch Our Video
The Payment Card Industry Data Security Standard (PCI DSS) was created by the major credit card companies as a guideline to help business owners implement the necessary hardware, software and other procedures to guard sensitive credit card and personal information.
The object of becoming compliant with PCI security standards is to help protect sensitive cardholder data from data thieves who are shifting their sights to small merchants because they think they are easier targets. If your business fails to become PCI compliant,3 you could be putting your business at greater risk from the growing threat of payment card data breaches and theft, which may result in substantial penalties (such as fines from banks, regulatory agencies, and card organizations), fraud and chargebacks, as well as legal costs and lost customers.
Cardholder security is our first priority at First Data. Let us help you meet PCI compliance standards to protect your business.3
How Can I Become PCI Compliant?—Step-by-Step SAQ Tool
As the processor for your payment card transactions, we have arranged PCI DSS compliance services through the First Data PCI Rapid Comply® solution. The PCI Rapid Comply solution is an easy-to-use online tool that can help you achieve and maintain PCI DSS compliance more quickly and easily. It offers:
However, you are free to obtain PCI DSS compliance services from third-party vendors.
The benefits of using the First Data® PCI Rapid Comply solution are that it is offered by and integrated with your merchant services provider. The PCI Rapid Comply solution includes a guided, step-by-step SAQ tool to help complete the annual questionnaire with ease, an integrated scanning tool for merchants that are required to pass quarterly scans, and comprehensive support available online and via chat, email and phone to ensure your questions get answered.
There are multiple ways to get started with the PCI Rapid Comply solution:
If you choose to use a third-party vendor for PCI DSS compliance services, you will need to contract with and pay that vendor directly. In addition to your alternate vendor’s charges for PCI DSS compliance services, you still will need to pay the Compliance Service Fee charged to you by your merchant services provider. The Compliance Service Fee is not affected by your choice to use a third-party vendor. If you fail to become PCI DSS compliant or to report your PCI DSS-compliant status via a third-party vendor to First Data, you may also be charged a monthly Non-Receipt of PCI Validation fee by your merchant services provider until such time as you become PCI DSS-compliant or report your PCI DSS-compliant status to First Data.
If you choose a third-party vendor for PCI DSS compliance services, you will need to ensure your PCI DSS compliance status is reported to First Data.
How Else Can I Protect My Business and Cardholder Data—The First Data® TransArmor® Solution
You can add another layer of card data protection—and reduce the scope and cost of PCI compliance—by using a terminal equipped with the First Data TransArmor solution. The TransArmor solution uses encryption and tokenization so your systems never hold the actual card numbers from the transactions you process. The TransArmor solution is available on new terminals and many older terminals.
What Happens If I Don’t Become PCI Compliant?
If your business fails to become PCI compliant,3 you could be putting your business at greater risk from the growing threat of payment card data breaches and theft, which may result in substantial penalties (such as fines from banks, regulatory agencies, and card organizations), fraud and chargebacks, as well as legal costs and lost customers.
If you fail to become PCI DSS compliant or to report your PCI DSS-compliant status via a third-party vendor to First Data, you may also be charged a monthly Non-Receipt of PCI Validation fee until such time as you become PCI DSS-compliant or report your PCI DSS-compliant status to First Data.
If your business experiences a data security breach, you could even lose your ability to process credit card payments. Perhaps more importantly, you risk the loss of customers. Research shows that 43% of customers who have been victims of fraud stop doing business with the merchant where the fraud occurred.5
If your business is being charged a fee for non-compliance with PCI DSS, click here to learn what you can do.
What Does PCI Compliance Cost?
With the First Data PCI Rapid Comply solution, there are no new or additional charges. The Compliance Service Fee charged to you includes your annual PCI self-assessment questionnaire (SAQ) and quarterly scans, if needed, which are offered in our PCI Rapid Comply solution.
If you fail to become PCI DSS compliant or to report your PCI DSS-compliant status with a third-party vendor to First Data, you may also be charged a monthly Non-Receipt of PCI Validation fee until such time as you become PCI DSS compliant or report your PCI DSS-compliant status to First Data.
Merchant Experiences: Costs of Card Data Theft
Did you know that a card data theft can cost your business over $100,000? See the case studies and testimonials below from small business owners who have had between $120,000 and $612,000 in losses from data security breaches caused by hacking, malware attacks, and phishing scams. Get PCI compliant now to help protect your business from these losses.
Pono Products, Inc. (Reuseit.com)
April 9, 2012
1,000 records compromised
A hacker or hackers were able to intercept customer information online between August 22 and September 28 of 2011. Customers who were affected may have had their login, password, and credit card information obtained. Anyone who used the same login and password combination for reuseit.com and other websites should change their password.
TryMedia (TM Acquisition - TryMedia is a division of RealNetworks)
January 30, 2012
12,456 records compromised
TryMedia's ActiveStore application was attacked by intruders who were able to intercept and obtain the credit card information of customers. Credit card numbers, expiration dates, security codes, addresses, email addresses, and passwords to user accounts for transactions that occurred between November 4, 2011 and December 2, 2011 were accessed.
Small Dog Electronics
March 3, 2010
Security Breach Method: Hacking
After Small Dog began collecting and matching customer donations for Haiti relief efforts, a hacker breached the website and began stealing customer credit card information. The breach lasted from December 2009 to January of 2010. Three thousand customer records were stolen.
Estimated merchant cost: $612,000
In August 2006, Carla, a small business owner, experienced a data security breach at her restaurant. “I felt I had been blindsided…I was not aware that could ever happen to me.”
“We did end up spending about $120,000 on everything involved, forensic investigator, attorneys’ fees…mainly on the fees that we had to pay MasterCard and Visa.” Carla was shocked to learn that the credit card companies have authority to dole out fines.
Based on a 2010 study, 3 out of 5 small merchants continue to be unaware of their liability in the event of a data breach. The study’s respondents didn’t realize the potential ramifications of noncompliance, including potential fines of thousands of dollars and a per-card fee for each card that has to be cancelled.
Source: RSPA Publications Small Merchant Data Security Study by First Data and National Retail Federation 2010
1 Verizon 2010 Data Breach Investigations Report. March 2012
3 Ponemon Institute 2010 U.S. Cost of a Data Breach. March 2011
4 Javelin Strategy and Research. June 2009