PCI Council Puts Focus on Small Biz Payment Security

The PCI Security Standards Council (PCI SSC) has launched resources specifically for small businesses.

In the UK, about 60% of small businesses have suffered a breach, the group noted, yet many small businesses don’t have the resources or technical know-how to protect payment card data against theft. With simple diagrams and everyday language, the resources are designed to provide a common point of understanding between merchants, their banks, payment processors, and merchant vendors on why and how to protect against payment data theft.

The resources include:

  • Guide to Safe Payments: A basic guide to safe payments.
  • Common Payment Systems: Real-life pictures of merchant payment systems.
  • Questions to Ask your Vendors: Questions for merchants to ask their technology and service providers.
  • Glossary of Payment and Information Security Terms: A short glossary that simplifies technical terms.

“Small businesses around the world are a magnet for cybercriminals who are using automated tools to find easy-to-exploit opportunities,” said Troy Leach, CTO of PCI SSC. “With global migration to EMV chip technology, and increased prevalence of sophisticated point-of-sale (POS) malware, data security has become an issue for companies of all sizes. This is a great opportunity to empower small merchants to better protect themselves against increasing threats through awareness of how payments work and how to minimize risk of exposing their customers' cardholder data.”

He added, “One of the biggest challenges they face is that so much of what’s out there right now is just too complex for the small business and quickly falls back to unnecessary acronyms or technical details.  With the small merchant payment protection resources, we’re providing simple, easy-to-use information as a starting point for small businesses to protect themselves and their customers.”

Photo © Thinglass/Shutterstock.com

What’s Hot on Infosecurity Magazine?