Visa USA has released a program designed to help the nation’s small businesses improve their security. The credit card company’s program calls for acquiring financial institutions to strengthen their existing data security efforts to identify and address risks among their small merchant customers–such as smaller c-store chains–including identifying whether merchants are storing sensitive account data and are complying with the industry-wide Payment Card Industry Data Security Standard (PCI DSS).
Visa has long required all entities, including small businesses, which store, process or transmit Visa cardholder data, to comply with PCI DSS.
While more than 80% of all identified compromises since Jan. 1, 2005 occurred at Level 4 merchants, less than 5% of potentially exposed accounts are stolen from Level 4 merchants.
“Data security breaches involving payment card information occur at small businesses more frequently than at all other merchant levels combined,” said Michael Smith, senior vice president, enterprise risk and compliance, Visa USA. “We are committed to working with our acquirers and their small business customers to get ahead of this growing vulnerability.”
The challenge for many small business owners today is that they are too busy running the day-to-day operations of their companies to take the time to be security experts. Furthermore, in some instances they may not be fully aware that their systems are storing highly sensitive information that criminals seek in order to commit payment fraud. By further assisting them in eliminating the storage of sensitive card data, a merchant’s chances of becoming a breach victim can be greatly reduced.
According to a recent survey conducted by Visa and National Federation of Independent Business, most small businesses (57%) do not see securing customer data as something that requires formal planning, and many (39%) say they rely on common sense to keep data safe. Visa and NFIB have partnered to educate small businesses on data security threats and how to successfully avoid them. As part of their efforts, Visa and NFIB have developed free educational materials and tools, available as of Aug. 1 at www.NFIB.org, to help small businesses protect themselves from data fraud.
Visa acquirers are required to provide Visa with a summary of their small merchant compliance plans by July 31. The program was announced to acquirers in May.