High-risk payment acceptance is everywhere.
A recent payment experience at my local dry cleaners caused me some alarm, so much so that I described it in detail on LinkedIn:
Without any real forethought I pulled out my debit card. Maybe it was the knowledge that the purchase amount would likely be under $30.
Maybe it was the assumption that this small business, judging from the surroundings, is likely using an old standalone payment terminal. Maybe it is even dial-up, with any luck. Low risk city.
And then it happened so quickly. She took the card and I sort of froze watching her swipe it on a mag strip reader integrated into the keyboard! This was on a PC that looked like it had seen better days. Ugh, that sinking feeling I could not shake.
I was very close to asking if they had a real firewall back there, or if it was protected by a home quality router. But then the part of me that knows too much just did not want to know at that moment. Back to ignorant bliss?
Not Really. Now I will be thinking about it; at least for a little while.
I’m sure you’ve been there, too. You hand over your credit card and then suddenly get that sinking feeling that perhaps your data isn’t safe in their hands (or systems). It’s a natural response, especially for those of us in the payments and security industries.
Your smallest merchants need you, and you need them.
When was the last time you thought about the smallest merchants your acquiring business serves? The hard truth is that helping them with data security and PCI compliance benefits both you and them, because should a data breach occur, neither of you will come away unscathed.
We have to do our level best to not only educate them, but also make the process of becoming more secure as simple and cost effective as possible. In many cases, that involves aiding their access to the right technologies, such as a business-grade UTM firewall.