It seems every few months, we see another news story about a retail or restaurant company that has had customer data breached. And while the big stories make the news, criminals more often target small businesses that have fewer resources to protect themselves.
Are you at risk?
- 58% of breaches impact smaller businesses (1)
- 82% of breaches in the world occur in the USA (2)
- Only 55% of merchants are fully PCI compliant (3)
When your customers’ credit card numbers are stolen, often they simply receive a new card and the unauthorized purchases are removed from their bills. And that’s that. But someone has to pay for the stolen information—and if the breach occurred at your restaurant and you are deemed non-compliant with PCI security requirements, the liability could be yours.
What is PCI?
The Payment Card Industry Data Security Standard (PCI DSS, or PCI) is a set of payment security standards agreed upon by financial institutions. It was founded in 2006 by the major credit card companies, including American Express, MasterCard and Visa.
Any time you sign an agreement with a credit card processor, you are also agreeing to comply with PCI standards—and that if you fail to comply, you will be held liable for any data breaches originating from your business.
How much could a data breach cost your business?
- Globally, the average cost of a data breach for a company is $3.86 million
- U.S. based breaches are the most expensive, costing $7.91 million on average, with notification costs of $740,000 (4)
Since PCI applies to anywhere credit card information is stored, the best way to reduce your associated risk and cost is to reduce your PCI scope.
Reduce your PCI scope and risk of breach, fraud, and chargebacks by:
1. Using tokenization.
Tokenization replaces sensitive customer payment information with a non-exploitable representation, or token. One of the most effective methods of minimizing PCI compliance scope, tokenization ensures that your point of sale system never stores unsecured cardholder data, and is highly recommended by PCI DSS.
2. Using Point-to-Point Encryption (P2PE).
P2PE protects cardholder data in transit. Card data is encrypted at the card reader, rendering it unusable until it reaches your payment processor. This protects the information in transit from being intercepted, because even if a hacker is able to get their hands on it, it is useless to them.
3. Reduce risk of fraud and chargebacks by ensuring credit card transactions are EMV and card present.
Forty percent of worldwide card fraud losses are based in the USA.(5) And recent payment industry fraud prevention measures have made merchants, including restaurant operators, liable for chargebacks where fraud prevention technology is not in place.
You can protect your business from this risk and potential cost by upgrading to EMV chip card readers. With card-present EMV transactions, the encrypted chip on the card protects against fraud—and when you use EMV PIN pads to process payments, the liability for any associated chargebacks shifts to the card issuer.
And today, even delivery payments (including online orders) can be processed at the door with an EMV terminal at lower card-present rates.
SpeedLine Pay@ the Door provides protection against fraud and chargebacks on delivery orders, and reduces the cost of every payment transaction. And your customers’ information is kept more secure, as they are not giving their credit card number to your employees over the phone or online, but paying in person when they receive their order.
(1) Verizon data breach investigation report, 2018
(2) Breach level index report, 2017
(3) Verizon payment security report, 2017
(4) IBM cost of a data breach study, Ponemon Institute, 2018
(5) Card fraud worldwide, Nilson report, 2017
Posted on Wed, Aug 01, 2018 @ 09:08 AM.
Updated on July 10, 2019 @ 10:17 PM PST.
Posted by Elizabeth Kelly
As the Marketing Specialist for SpeedLine Solutions Inc., Elizabeth is the Managing Editor for On Point: The Restaurant Technology Blog. Have an idea for an article? Send her a message!| Author's website