How Data Breaches Impact the PCI Compliance Process
With the Target data breach all over the news and the Internet, it's no wonder that data security and the PCI compliance process are among the most popular topics of conversation in our industry right now. The latest figures I saw this week from Bank Technology News said that as many as 110 million Americans are now believed to have been impacted by the breach that took place over the holidays. That's an astounding figure, and means that one out of every three people was impacted by the breach.
The scope of this breach is a wake-up call for both the retail and payments industries. Not only does it create enormous amounts of work for the retailers and consumers involved, but, as a financial institution, I'm sure you also know all too well just how costly it is to alert customers to the breach and then reissue cards.
In addition to raising questions about the impact this breach will have on the adoption of EMV, many are also talking about the PCI Data Security Standard and are wondering about the merchant's role in protecting the payments system.
Of course this all boils down to good old-fashioned finger pointing, but there is no denying the fact that now is the perfect time to talk to your merchants about the importance of the PCI compliance process.
In fact, the type of PCI compliance program that you have in place can be a major differentiator for your financial institution's merchant services program. We hear all the time about merchants that are frustrated because they're paying high monthly or annual PCI compliance fees and are not getting a lot in return.
This raises the question: how does your merchant services provider handle this important topic? Merchants need a fast and easy way to complete their PCI questionnaire, and more importantly, it's critical that they are given actionable information so that they can help protect their business and their customers from the harmful and costly effects of a breach.
Then of course there's the subject of fees. Most merchant services providers claim to support merchants through a variety of security-related services, but how many put their money where their mouth is and don't charge them an arm and a leg? I suggest that you carefully examine all of the costs your merchants are paying for data security-related services, and see if your processor has a program where your merchants can avoid costly PCI compliance fees.
It's important to remember that we all play a role in the security of the payments value chain. Whether you are a merchant, a financial institution, or a merchant services provider, we all need to work together to help stand up to card fraud and make sure that we continually educate merchants and customers on this important topic.
I'm curious to know how your merchant services provider handles the PCI compliance process. Has it been a positive experience for you and your merchants?
If you would like additional information to help protect your merchants, the card associations have published a lot of great resources about best practices for cardholder security. Below are descriptions and links to several Visa resources that you can share with your merchants.
Reducing Counterfeit Fraud Through Acceptance Best Practices
This guide provides card-present merchants with best practices they can use at the point-of-sale to reduce their exposure to counterfeit transactions.
Global Visa Card-Absent Merchant Guide to Greater Fraud Control
Geared towards merchants who process card-not-present transactions, this guide provides detailed information about PCI compliance and Visa's security tools.
Card Acceptance Guide for Visa Merchants
This guide is applicable to all merchants that accept Visa transactions in the card-present and card-absent environment and provides up-to-date information and best practices for processing Visa transactions while minimizing risk of loss from fraud.
Visa e-Commerce Merchants' Guide to Risk Management
Designed for e-Commerce merchants, this guide offers an in-depth look into the tools and best practices needed to build a secure Internet business.