With so much information on the Internet about PCI compliance, it is sometimes hard to separate fact from fiction. The majority of data breaches are due to the merchant’s failure to understand their obligation to secure cardholder data. Many misconceptions have developed that need to be debunked, and there will probably never be an end to the myths that arise around PCI compliance. A good rule to go by is “when in doubt, check it out,” and err on the side of caution. Always remember that FlashBanc is here to answer any of your questions. Just call our Security Department at 561.278.8888 or visit our PCI Compliance FAQs page.

MYTH #1 “Since FlashBanc is PCI compliant, I am automatically compliant as well.”

Unfortunately, it’s not that simple. FlashBanc is not responsible for cardholder data within your business environment. Even if you don’t store data, you are still at risk. Cardholder data can be stolen as it is processed and transmitted across your network. You must be PCI compliant.

MYTH #2 “My business processes very few transactions and we don’t even do e-commerce. Therefore, my business isn’t obligated to comply with PCI DSS.”

This is probably one of the biggest misconceptions surrounding PCI compliance. The reality is that 59% of cardholder breaches currently under investigation originated at point-of-sale terminals in brick-and-mortar stores. Though validation requirements vary depending on your merchant level (number of transactions), all merchants are required to be PCI compliant. You can call FlashBanc at any time if you are uncertain about your particular requirements.

MYTH #3 “When I purchased my POS processing software, the box stated that it had advanced security measures. I’m sure it must be safe.”

It’s not enough that the box the software comes in says that it has “advanced security measures.” Make sure your software is Payment Application Best Practices validated.

MYTH #4 "I’m a small merchant with very few card transactions; I don't need to be compliant with PCI DSS."

All merchants, small or large, need to be PCI compliant. The payment brands have collectively adopted PCI DSS as the requirement for organizations that process, store or transmit payment cardholder data.

MYTH #5 “Since I have implemented a new payment system, I don’t need to worry about track data I have stored.”

Track data is the information encoded in the magnetic stripe of the payment card. If stolen, this information can be used to create counterfeit duplicates of the card. How new your payment system is has nothing to do with whether it is safe to store track data. You must never store track data, regardless of the system that captured it.