By Mikal E. Belicove|For Entrepreneur Magazine|April 1, 2012
Q: Are those credit card plug-ins for smartphones really PCI compliant?
A: First, a primer on Payment Card Industry (PCI) noncompliance. If you fail to protect customers’ credit card data, your business could face hefty–even crippling–penalties and fines from payment processors, and could lose the ability to accept cards altogether. (Then there’s the prospect of facing angry customers demanding to know how fraudulent charges ended up on their credit card statements.)
If you think your small operation is too insignificant to bother, think again. According to the PCI Security Standards Council, 80 percent of all credit card security breaches in the U.S. since 2005 have been attributed to small businesses. (For more info, go to PCISecurityStandards.org.)
With usage of mobile payments skyrocketing each quarter, understanding and maintaining PCI compliance is vital to protecting your business. As for the security of the hardware attachments (dongles) and software that can turn a smartphone or iPad into a credit card reader, you can breathe easy if you follow PCI rules and common sense, according to Rajat Bhargava, chairman and CEO of StillSecure, a Colorado-based security provider and PCI-compliance expert. Here’s what he suggests.
Separate online credit card processing from your business’s main network, ideally with a dedicated computer, smartphone or tablet with its own internet connection. This will reduce the chances of…