The risks associated with data breach incidents are high for organizations of any kind and any size. But for small businesses, the impact can be even more devastating. The Ponemon Institute’s annual U.S. Cost of Data Breach Study tracks a wide range of cost factors, including expensive expenditures for detection, escalation, notification and response, plus:
– Legal, investigative and administrative expenses;
– Customer loss and reputation management, and
– Costs associated with customer support (such as information hotlines and credit monitoring subscriptions).
“In the five years we have conducted this study, we have continued to see an increase in the cost to businesses for suffering a data breach,” said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. “With a variety of threat vectors to contend with, companies must proactively implement policies and technologies that mitigate the risk of facing a costly breach.”
Adhering to Payment Card Industry (PCI) regulations is one of the best ways to reduce your risk of data breach. Additionally, all parties involved in the payment process have a responsibility to remain compliant. This includes merchant service providers, financial institutions, card issuers and businesses. Many businesses accepting card payments have experienced the hardship of a network penetration and data breach when PCI compliance could have made all the difference in offering the right protection.
PCI compliance refers to meeting and adhering to the PCI Data Security Standard (PCI DSS) established by the Payment Card Industry Security Standards Council (PCI SSC). Understanding PCI compliance and how to achieve it is critical to reducing the risk of experiencing a compromise (incidents involving an electronic or physical breach of cardholder information and/or card data) within your organization.
The PCI DSS encompasses a set of requirements established to ensure that all merchants who process, store or transmit credit card information maintain a secure transaction environment. It’s important to note PCI DSS compliance protects both the merchants and their customers. The PCI DSS states that vulnerabilities are continually being discovered by malicious individuals and researchers, and being introduced by new software.
This instance refers to electronic breaches which involve data vulnerability in transit and storage, application-level attacks via web servers or websites, private key mismanagement and unauthorized access to encryption keys, identity and access related to user ID/ password based security, misconfigurations and other administrative network performance problems.
A physical breach is the theft of documents or equipment such as cardholder receipts, files, personal computers, point-of-sale (POS) terminals, etc. Skimming is the theft of magnetic stripe data illegally captured with the use of an external device such as a card reader or pad attached to an ATM or POS terminal. That information is then used to create counterfeit payment cards.
Data minimization is a powerful element of keeping your business compliant to reduce the threat of data breach; other tips include the following. Don’t collect information you don’t need, and reduce the scope of sensitive data by limiting the number of places where you retain it. Grant employees access to sensitive data only as needed and keep current records of who has access to it while your company’s possession. Purge the data responsibly once the need for it has expired. For additional detailed information on PCI DSS requirements visit www.pcisecuritystandards.org .
To find out how your organization can obtain fraud protection and reduce your risk of data breach, please contact us today. Get industry leading payment security and peace of mind with goEmerchant.
