Recently, SVB held a webinar on Payment Card Industry (PCI) risks and compliance. Given all the media attention to recent security breaches, we weren't surprised by the overwhelming interest in the topic. We had a high number of participants and great questions in our Q&A session. It seems every company wants to know if their data is safe–for good reason.
Info Security Magazine named 2014 the year of the data breach, and we do not expect the number of breach events to go down any time soon. With more people online and data in the cloud, predictions are that these incidents will keep escalating. The number of exposed records jumped significantly in 2013 and 2014 with a number of large merchants affected. The reported number of data breaches probably doesn't account for the small merchant space. So smaller-sized businesses may feel their risk is limited. The scary reality is that small and mid-sized merchants are hackers' low-hanging fruit–easy targets compared to the big or national retailers.
Breach concerns can keep smart business owners awake at night with fears of what they'll lose if they suffer a security breach. According to FirstData in 2014, the average breach costs business owners about $36K. Forrester concluded that 70% of breaches are caused in some way by employees–either with malice or negligence. Unfortunately, 60% of affected businesses fail within six months of a cyber-attack, per foxbusiness.com.
I'm not trying to scare you with these stats, but they point out why every merchant client needs to be PCI compliant. The PCI Security Standards Council–an organization formed by the card brands–created the PCI Data Security Standard (DSS) to help merchants safeguard client information. Any merchant that stores, processes or transmits customer card data must comply with PCI DSS on an annual basis. SVB is prepared to help our clients achieve compliance so they can sleep better at night.
Our PCI Program comes with great benefits offered through our vendor, ControlScan®. They include $100K in data breach protection and Application Replacement Coverage of up to $15K to update breach-impacted systems. Dealing with the impacts of a security breach can be overwhelming. Forensic audits–which are like a crime scene investigation–are costly and time consuming. There may be compliance fines, sales and productivity loss and, of course, brand damage! The program limits liabilities such as compliance fines and covers customer credit/debit card replacement costs, which without PCI certification would not be covered and would fall on the merchant.
Visit ControlScan's website at controlscan.com/svb to learn more. The website and self-assessment questionnaire (SAQ) provide you with leading tools and the support necessary to analyze, remediate and validate PCI compliance. Once you're validated, ControlScan will provide you with your Certificate of Compliance and submit proof of your compliance to SVB.
We're Here to Help
We are a guide and ally for our clients. Please call our Merchant Services Customer Care Team 24/7 at 1.888.288.2692 with any questions about PCI compliance and about Merchant Services in general.
The views expressed in this column are solely those of the author and do not reflect the views of SVB Financial Group, or Silicon Valley Bank, or any of its affiliates. This material, including without limitation the statistical information herein, is provided for informational purposes only. The material is based in part upon information from third-party sources that we believe to be reliable, but which has not been independently verified by us and, as such, we do not represent that the information is accurate or complete. The information should not be viewed as tax, investment, legal or other advice nor is it to be relied on in making an investment or other decisions. You should obtain relevant and specific professional advice before making any investment decision. Nothing relating to the material should be construed as a solicitation or offer, or recommendation, to acquire or dispose of any investment or to engage in any other transaction.