Wednesday, July 13, 2016
The PCI Security Standards Council (PCI SSC) launched a new set of resources July 7, 2016, specifically designed for small business owners. The global forum, based in Wakefield, Mass., best known for establishing the PCI Data Security Standard (PCI DSS), is also responsible for developing, managing and broadening awareness of PCI DSS and payment data security best practices. To stem the growing tide of cyberattacks against small and midsize merchants, the council formed a Small Merchant Taskforce to identify vulnerabilities in small business payment systems and create targeted solutions to help business owners protect and secure cardholder data.
Some of the PCI DSS guidelines contain complex, technical terms and legalese that can be difficult for small merchants to comprehend. PCI Security Standards Council General Manager Stephen Orfei saw a need for clear guidelines written in accessible language with graphical displays to illustrate key points.
"The market has been in desperate need of easy-to-understand payment security resources for small businesses," he said. "Working with a global, cross-industry taskforce representing merchants, banks, merchant associations, technology and service providers, and other small merchant partners, we're pleased to provide practical guidance to small businesses on how they can start protecting themselves against cybercriminals."
"Most small businesses have never heard of the PCI Data Security Standard, let alone read it," added Troy Leach, PCI SSC Chief Technology Officer. "If they did read it they probably would need a background in both information security and payment processing to best understand the requirements."
The newly published Guide to Safe Payments can be found on the PCI SSC website; printed versions are also available. Banks and processors can download, brand and distribute the reference guide to their small business customers. The council has published additional insights, including Focusing on the Fundamentals: Payment Protection Resources for Small Businesses, on its PCI Perspectives blog site.
Following are highlights of the small merchant series documentation:
Taskforce co-chair David Matthews, General Counsel of the National Restaurant Association, has seen considerable risk of data breaches among small restaurateurs. The new guidelines provide best practices and tools that can help small and midsize restaurants protect against cyberattacks, he said. "We specifically ask those working directly with the small business community to use these resources to educate companies on ways they can improve their security while simplifying their responsibility, so they can focus on other aspects of their business," he added.
The Small Merchant Taskforce plans to continually update and promote the small merchant payment protection resources, especially in the growing ecommerce sector, where additional tools and guidelines are needed, Leach stated. He pointed out that many small merchants rely on financial institutions, processors and third-party vendors for guidance on credit card processing; he urged these partners to include security in the dialog.
Leach also noted that education is a critical first step in protecting small businesses from data breaches. For example, many small merchants don't understand the importance of changing vendor default passwords, or how to change them. "As an industry, if we can help these companies understand their risk, security basics to protect against data theft, and where to go for help, we'll have made a substantial shift in cardholder data security for the entire payments ecosystem," he said.