Small business owners are 100 percent responsible for their customers’ personal information and credit card data. One of the biggest myths is that security is tied solely to credit card information. The Payment Card Industry (PCI) Security Council will be the first to point out that it is as much about the personal information of your customers as it is about their credit cards. At the end of the day, banks can be a safety net if someone were to get your customers’ credit card information. Unfortunately, there isn’t a safety net if personal information is stolen from an online business.
PCI compliance is still a misunderstood concept. While there is plenty of material available on the topic, a small group of people has most of the information. History shows us that when this type of situation occurs in the marketplace, a lot of people end up buying services that don’t help at all. If your credit card company, eCommerce provider, hosting company, bank or other provider offers you a new service to assist in maintaining PCI compliance, simply ask the following question. “By purchasing this service, are you guaranteeing that you will pay for any fines or loss of business I might suffer if my online store becomes compromised?”
More often than not, the answer will be no. So why would you pay money for something that won’t help you with the problem? The answer is the lack of knowledge. Most small business owners don’t have enough time to run their stores, much less to keep up with the security requirements for maintaining an online business. As a result, when a service provider approaches an online businessperson about a new service to secure its customers, it scares many business owners into purchasing it.