Cyber Monday is the perfect holiday for those of you who prefer to avoid large crowds of frantic bargain shoppers, but still want to get holiday shopping out of the way from the comfort of your homes. On the other hand, Cyber Monday is also the perfect holiday for hackers, ready to take advantage of all the incredible discounts with cleverly-disguised scams.
Approximately 64% of organizations report an increase in cybercrime on Cyber Monday. Furthermore, with over 2.29 billion dollars in online sales, it's important to make sure clients that process credit cards are protected and compliant with PCI Security Standards.
PCI Security Standards
The Payment Card Industry Data Security Standard (PCI DSS) was created by a governing board in 2004 to standardize the security programs of five major credit card companies: Visa, MasterCard, American Express, Discover and JCB. The governing board is a vendor-neutral organization and does not enforce compliance. Individual payment brands are responsible for enforcing their unique set of security standards, which were created by a private, international regulatory board.
Clients must be particularly aware of the different PCI security standards because they are the most "comprehensive and specific set of security controls ever compiled into a major industry standard or law." More importantly, the merchant is "ultimately responsible for ensuring that each service provider protects the integrity and confidentiality of the payment card data." Although service providers are not held responsible, you still need to prove to your clients that your data management, security and retention standards are compliant with these standards.
How to be Compliant
PCI Security Standards apply to all organizations that store, process, or transmit cardholder data. In other words, any client that accepts payment cards is required to be PCI compliant. That means your internet merchants (any business that collects and processes credit and debit card information through its e-commerce website) should be prepared for attempted data security compromises launched on Cyber Monday and throughout the holiday shopping season. Luckily, there are three ways MSPs can help maintain PCI compliance.
1. PCI DSS Self-Assessment Questionnaire
This questionnaire is a validation tool for merchants and service providers that are not required to undergo an on-site data security assessment. It can assist you in self-evaluating compliance with the PCI DSS. There are multiple versions of this questionnaire to fit various business scenarios. Warning: it can be very extensive and time-consuming!
2. PCI Compliance Guides
Each of the major credit card brands has a specific set of requirements and guidelines. Below, you can find a link to each guide.
- Visa Security Standards
- MasterCard Security Standards
- American Express Security Standards
- Discover Security Standards
- JCB International Security Standards
3. PCI Assessment Services
RapidFire Tools offers a PCI module to streamline the process of generating reports. The tool allows you to determine whether your customer is or is not compliant, key knowledge for this time of the year. By combining the automatic collection of network and computer data with custom generated worksheets that tell you what additional information to collect on-site, the PCI module ultimately provides you with documented proof that your client is PCI compliant.
Why Your Small Merchant Clients Need to be PCI Compliant
More than 80% of cyber attacks target small merchants. Unfortunately, small merchants are prime targets for data thieves because many have weaker security for cardholder data. Here are some of the consequences clients may face if they suffer a data breach:
- Fines and penalties
- Termination of ability to accept payment cards
- Lost confidence, so customers go to other merchants
- Lost sales
- Cost of reissuing new payment cards
- Legal costs, settlements and judgments
- Fraud losses
- Higher subsequent costs of compliance
- Going out of business
Understanding the Risk
Last year, comScore recorded an expenditure of $1.735 billion on Cyber Monday online holiday shopping alone. This year, sales are expected to grow by 15 percent. It’s also important to mention the increase in mobile device usage to shop. Social media channels like Twitter influence shopping behavior. In fact, the majority of shoppers on Twitter are very dependent on their smartphones to check prices, find out about sales and make purchases. According to Silverpop, 35% of users are also expected to click promotional links in emails while on a mobile device.
Keeping You and Your Clients Safe
Here are the top 3 ways MSPs can keep their clients' data safe:
- Encourage them to monitor their social media! Have them keep an eye out for malware or phishing posted with their hashtags, images or messaging.
- Over-communicate with your clients about what they can do to protect cardholder information and their businesses.
- Offer to run a PCI compliance report to ensure they are protected against hackers long after Cyber Monday.
Here are the top 3 security suggestions to share with clients:
- Don't click on any pop-ups, redirects or "too good to be true" discounts.
- Beware of links on social media or email.
- Check links before clicking to make sure you catch any misspellings or fake addresses.
For a full list of online shopping best practices, consult How to Keep Clients Safe from Phishing Attacks and Online Scams this Holiday Season!
Want to learn how you can start offering PCI compliance to your clients? Watch our webinar, The Next Big Thing for MSPs, with RapidFire Tools to capture a new line of revenue and help protect your clients from security breaches!
See more security-related resources:
- Cybercrime & Security Overview: MSPedia
- 3 Ways a PCI Compliance Tool Can Help Grow Recurring Revenue
- What MSPs Need to Know about Compliance: Your IT Policy Checklist by Vertical
By Lily Teplow