As a merchant, you should treat network security as a top concern when it comes to credit card processing. The most vulnerable place for credit card data is on the merchant side of the transaction, before it’s sent to the payment processor. This is why PCI compliance matters: it helps ensure the security of a merchant’s payment processing system. While some businesses view PCI compliance as an expensive and unnecessary step, the rise of data breaches, and the fines and negative publicity that come with them, should be noted.
The latest credit card processing breach to hit the news is the OnePlus breach. Smartphone maker OnePlus says it discovered that fraudulent charges were appearing on customers’ credit cards. After shutting down payment processing on its website and beginning an investigation, OnePlus revealed that the credit card information of up to 40,000 people had been stolen since November 2017.
The breach occurred when an entity gained access to one of OnePlus’s servers and inserted a script to capture credit card information as it was typed into a payment form on the OnePlus website. The payment processor for OnePlus was originally blamed, but the investigation showed that the payment processing occurred as it should and the breach occurred on the merchant side of the transaction.
This breach underscores just how important PCI compliance is for merchant services. Its rules apply to merchants, processors, card issuers, and any entity that handles payment information. PCI compliance comes in many forms depending on the types of credit card transactions your business processes. There are even guidelines that apply specifically to a credit card machine used for in-person transactions. For example, a credit card machine or any other piece of equipment cannot store sensitive information, and the equipment must be kept updated.
Remember: every PCI requirement is in place because it is a control that could prevent a breach, even the requirements that may seem unnecessary or overboard.
At Host Merchant Services, we always ensure our customers are PCI compliant. This is done for the safety of our merchants as well as their clients. Following this standard can protect card data from thieves, keep sensitive information secure, and help avoid expensive data breaches.