Are You PCI DSS Compliant?

November 27, 2009

Many chiropractors who run a cash-based practice are making a mistake that can cost them tens of thousands of dollars… and they don’t even know it! The major card brands, including Visa and MasterCard, established the Payment Card Industry Data Security Standard (PCI DSS) in response to security breaches at businesses both large and small. The PCI DSS sets out security guidelines that merchants must follow in order to reduce the risk of cardholder data being stolen, whether by hackers, thieves or even employees. Failure to follow these guidelines can result in fines as high as $25,000 per incident. On top of that fine, merchants can be held financially responsible for any fraudulent use of the stolen card data. Worst of all: many common mistakes leave a practice out of compliance with these guidelines!

If the way you transmit or store cardholder data allows it to be breached without your knowledge, you are vulnerable to theft and hacks that can cause extreme losses to your business and your customers. This means that if you store cardholder data in a log book, file cabinet, tickler-reminder system or spreadsheet so that you can enter it into a credit card machine every month, you are in clear violation. If the full account number can be seen in the system you use, that system is not PCI DSS compliant.

Don’t think it can happen to you? Hackers and thieves see small businesses as easy targets because they are less likely to be aware of PCI. Even high-profile companies are vulnerable to credit card security breaches:

  • CardSystems Solutions, Tucson, AZ: 40 million cards stolen
  • Bank of America: lost 1.2 million customer records from stolen backup tapes
  • BJ’s Wholesale Club stores: 8 million members; unknown how many credit card numbers were stolen
  • T.J. Maxx: 45 million credit card and debit card numbers stolen

Want the good news? Since June of 2005, it has been your responsibility to protect your business and follow these guidelines. As Cash Practice® System members, you are already meeting the PCI requirement not to keep credit card information on file. Protect your company and your customers against fraudulent activity! Want more information on how this is being done? Be sure to read next month’s blog about the security steps the Cash Practice® System takes to keep you PCI DSS compliant. If someone you know is violating the security standards, be sure to have them call us at (877) 343-8950 to see how we can help!

Become a fan of our Facebook page!