If your company is not fully compliant with Payment Card Industry (PCI) Security Standards, you could be at risk of a serious tangle with attorneys. Technically, PCI guidelines are not a hard-and-fast set of laws. However, merchants can still face big liabilities for not meeting them. Avoid these mistakes to keep your company out of hot water:
- Storing Cardholder Data In Noncompliant ProgramsMany states have laws regarding data breaches and, depending on where you accept cards, you may be subject to many of them. Remember that you need to be compliant not only in Mississippi, but in any state where you may accept credit cards.
- Fibbing On The Self-Assessment QuestionnaireIf you have considered tampering with the reports from your company’s Approved Scanning Vendor, think again. Time invested now to fix any holes in your data security system could save you big-time from the penalties your company could suffer if there’s ever a data breach.The same thing applies to simply “fudging the truth” on self-prepared compliance reports. Even if you think it’s a harmless stretch of the truth, don’t do it (we've seen this one more than we care to discuss).
- Not Using The Right Qualified Security AssessorMany companies use Qualified Security Assessors to help them maintain their PCI compliance. Every QSA does not necessarily know as much as another, however. It’s important to select someone who both understands your business and stays up-to-date on the latest version of PCI Security Standards.
- Trying To Resolve Data Compromises Under The RadarYou may be tempted to fix a customer’s complaint yourself if they inform you of a data compromise. Not informing credit card companies of data breaches, however small, can lead to you no longer having access to their services. Those credit card companies can then file suit against your company, costing you big bucks in the end.
- Not Checking ID For Point-Of-Sale Credit Card UseSometimes it seems like no one checks IDs against the credit cards being used, so merchants tend to be lax about doing so. Unfortunately, running just one unauthorized credit card could cost you a lot in the long run.
Not only could be in trouble with state laws regarding PCI compliance, a civil suit may come against your company for any data breaches. The court will not favor you if you have not been PCI-compliant.
All in all, it pays to pay attention to PCI compliance – a little time invested today could save you big-time tomorrow.
Give us a call for assistance with your PCI Compliance.