With the growth of online retail and the general ease of transacting business, it is common for consumers to purchase goods and services with debit or credit cards rather than cash. However, this convenience may expose both consumers and your business to potential risks. To help protect both your company and your customers, as well as remain compliant, it is critical that your company understands the risks of accepting payment cards and proper ways to mitigate those risks.
It is important that you understand the potential risks your company could encounter when accepting payment cards. They include, but are not limited to, these five common PCI risks:
- Untrained Employees: Staff should understand the rules for accepting cards. Untrained staff can make mistakes and cost you money.
- Counterfeit Cards: Generally, the magnetic strip on counterfeit payment cards will appear rough and not work when swiped at the terminal. Also, the shape and format of the numbers may appear incorrect. Not spotting fake cards can be costly.
- Failing to match signatures: Employees should check that the cardholder’s signature matches the one on the back of the card when necessary.
- Storing cardholder data: All cardholder data must be encrypted, stored and transferred securely. Neglecting to do so could ruin your business.
- Authorizing false refunds: Fraudsters often try to obtain cash refunds for card transactions. Ensure that all staff know how to correctly make refunds, or risk being responsible for pricey chargebacks.
Mitigating Potential PCI Risks
- Provide thorough training on properly handling payment card transactions. This could include what to do if a customer or payment card seems suspicious, and the process for accepting returns.
- Review the Payment Card Industry Data Security Standards (PCI DSS) requirements annually to ensure the safety of your business and customers.
- Choose a payment card system password that is at least seven characters long, with upper and lowercase letters, symbols, and numbers. Reset your password at least every three months.
- Incorporate additional PCI services, such as Code 10, to more adequately protect your business and your customers’ data.
Payment cards have become a necessary business standard, and your company needs to be aware of the risks associated with operating this technology. To learn more about how your company can protect itself from the potential risks associated with accepting payment cards, contact Biscayne Risk & Insurance Group or a trusted payment card processor, such as Servistree, today.