So it’s that time of year again. You get the email that it’s your anniversary date for PCI compliance and you have to take that stupid survey. Again. Don’t they know how busy you are trying to run your business? Why do you even have to DO this?
As much as I hate to sound like a nag, it really is an important part of your organization’s financial well-being. As we get closer to the new reality of EMV which takes effect on October 1st, criminals are seeing their final opportunities at grabbing the low hanging fruit. Thieves are especially adept at finding the paths of least resistance (i.e. sloppy operational controls) to gain access to you or your customers’ cash. What procedures can you put in place that are easy for you and your staff to make your organization less vulnerable?
- Follow the rules of PCI compliance—Don’t keep your customers’ credit card numbers. Although it may save time to simply have access to long-term clients’ information for ongoing charges it simply is not worth the risk. If the card companies discover that a breach occurred because you had a customer’s credit card number under your desk blotter YOU could be held responsible. In some cases you may have your ability to process cards revoked by the card companies. ALWAYS use a 3rd party—eProcessing, Payeezy, or other gateways—for this service.
- Limit access to your terminal or Point-of-Sale system. The device that you utilize to process cards is actually a portal into your bank account and yields access for a thief to charge against your customers’ cards.
- Always reconcile your bank statements with your merchant service statements. If you don’t understand a line item call either your bank or your processor. Don’t wait until the end of the year or tax time. Do this every month.
These 3 simple steps can make your organization less desirable for thieves AND it lets your staff and customers know that you are conscientious with financial matters.