When cardholder data is exposed or stolen, the entire payment card ecosystem is impacted. Consumers lose trust in their merchants or financial institutions, their credit can be adversely affected, and the merchants involved in the loss experience significant financial liabilities.

Data breaches occur more frequently than people realize and are continuing to trend higher. As a merchant, it is crucial to understand the scope and risks involved in credit card processing and how simple and affordable it can be to secure your data and protect your business.

How Big Is the Problem?


Data Breaches Continue to Rise in Cost and Frequency

What are the Leading Causes of a Data Breach?

  • POS Malware
    Over 317 million new pieces of malware were discovered in 2014 alone. Malware is constantly evolving and looking for vulnerable systems to latch on to; a managed firewall and security service will keep you ahead of malware threats.

  • Employee Mistakes
    A simple lack of employee training and weak security controls frequently lead to mishandled data and easy targets for a data breach. Having a security partner to provide employee training and security guidelines can eliminate this threat.
  • External Hacking
    47% of all breaches in 2014 were caused by malicious external attacks. Maintaining a tightly configured managed firewall that is constantly monitored will enable you to detect and properly report data breach attempts.
  • Internal Hacking
    Malicious abuse by a company insider accounts for almost 25% of data breaches. A managed firewall with circumvention detection ensures your security controls are always on and properly running.

What happens when you are breached?

A small business must respond quickly if sensitive customer information is lost or stolen. Among other things, you may need to notify the affected customers and state and/or federal regulators.

  • Suspected Data Security Incident Letter

    Typically, an unprotected merchant finds out about a breach via a letter from the acquiring bank. This letter will cite a "CPP" (Common Point of Purchase) notice and will mandate a PCI Forensic Investigation. At this point, the bank will take the position that the merchant should have been PCI compliant.

  • PCI Compliance Forensic Investigation

    This investigation begins on two fronts: a criminal investigation led by the FBI, which may confiscate equipment such as a POS system, and a PCI forensic investigation that measures security against the PCI-DSS standard and reviews security logs and system images.

  • Meeting Between the Parties

    The credit card companies, acquiring bank, law enforcement, and the PCI forensic investigator (PFI) will review findings from the investigation and discuss future steps. The key for the merchant at this step is full cooperation and timely delivery of requested information.

  • Penalty Assessment

    Credit card companies initiate penalties that can exceed $250,000 depending on the situation. Other costs may include card replacement fees ($50-70 per card), chargebacks for fraudulent charges on compromised cards, mandated card monitoring services ($5-15/month/card) and, in a worst-case scenario, a prohibition on processing credit cards. The guideline estimate of total penalties is typically $207 per card.

A How-to Guide for Responding to a Data Breach


What is the Typical Cost of a Data Breach?

What if I'm not PCI compliant?

During the forensic investigation, if it is found that the merchant was not PCI compliant, the fines could be increased to a devastating level. The level varies based on the merchant's cooperation with the card brands. As a merchant, the regulations signed when you open an account at the bank state that the VISA regulations have to be adhered to. Even if you have been in business for decades, PCI still applies if you store, process or transmit credit cards.
