As a small business, why should I comply with PCI DSS?

You may have heard of PCI compliance and be wondering why it applies to you.

For smaller businesses, PCI compliance can seem daunting and confusing, and it may be something you know little about. This post sets out the benefits of being compliant against the potential consequences of non-compliance.

If you think of taking a single card transaction as someone handing you the keys to their safe and asking you to carefully take out just the amount you are owed, you will realise how much security your customers' card and personal details deserve. As a business, you must demonstrate that you take care of your customers' personal information. PCI DSS compliance shows that you are committed to protecting this information, which builds trust among your customers and encourages repeat business.

You may feel that, for now, the cost of complying outweighs the benefit to you or your customers, but that calculation can change instantly. You may also assume that a small business is not a viable target for attackers. In fact, the recent threat report published by Symantec found that three in five cyber-attacks last year targeted small to medium-sized businesses. It is often easier and quicker for an attacker to compromise many small businesses than one large one.

If your business suffers a breach, the card schemes can fine your acquiring bank thousands of pounds, and the bank will pass those charges on to you. Your business would also be liable for the cost of a full forensic investigation to establish how the attack happened and how many customers' card details were stolen. Those customers, now exposed to fraudulent charges in their name, would have to obtain new cards and would most probably take their business elsewhere.

As a small enterprise, you may depend on your reputation and on relationships with other businesses, both of which a breach would damage. You may also lack the funds or expertise to recover from a data breach, particularly if a large fine is involved. By becoming PCI compliant, you gain the assurance that your customers' card data is protected by a recognised baseline of security controls, and stronger customer relationships built on that trust.

If you would like to ask us any questions about PCI compliance, please email us at [email protected] or give us a call on 0330 022 0660.