Avoid fines in a data breach: Be sure you’re PCI Compliant

John Mayleben, Owner, Next Corner Consulting, Former Senior VP at MRA


Are you ready?

Over the years, the efforts around data security have moved from understanding how to tear the carbon paper on the sales draft in half without getting your fingers dirty to making sure your systems (both physical and digital) are built in such a way as to protect your customers’ data from the bad guys.

While we all may wish for the “old days” and the ease of doing business, those stories should be saved for those moments when one of your youngest employees asks about “those days” …

Today, you need to be paying attention to many different things and documenting that you have made the appropriate adjustments to your business practices. For businesses that accept payment cards for goods or services, that means completing the appropriate Self-Assessment Questionnaire (SAQ) and signing the Attestation of Compliance. Failure to do so can jeopardize all of the work that you have done to make your business a success.

As a merchant processing with Michigan Retailers Association, you have a number of resources available to you to help with this process. First, we only install or program terminals that meet the current PCI standards for hardware to protect the data in those terminals. These include chip card readers and anti-tamper protections. This prevents a bad guy from accessing card data from the physical terminal without your knowledge.

The other side of data protection is dependent on you and your employees understanding and managing the various aspects of card data security. We have partnered with a vendor, Control Scan, to help you understand and document these steps. To start the process, you should visit www.compliance101.com and click on the “get started” button.

This website is designed to help you successfully complete the SAQ that is associated with the way you handle card transactions, and it will, in the end, complete the Attestation of Compliance that is required – annually – for any merchant that accepts payment cards for goods or services.

Once you complete this process, you will be prompted each year to renew it, and you will have to update it during the year if you make any changes (new terminal, added or deleted web site, etc.).

Failure to complete the SAQ can create a situation where you will have increased fines and penalties from the card brands and/or government organizations if you have a data breach. Taking a couple of minutes now will save your company many hours of frustration in the future.

As always, MRA help desk staff are available to answer any questions about this or any other payment processing issues at 800-563-5981, option 2.