July 07, 2016

New Payment Protection Resources for Small Merchants and Their Banks Help Defend Against Cybercrime

(Washington, D.C.) Small businesses around the world are increasingly at risk of payment data theft. Nearly half of cyberattacks worldwide in 2015 were against small businesses with fewer than 250 workers, according to cybersecurity firm Symantec. To help these companies protect themselves and their customers, the PCI Security Standards Council (PCI SSC) Small Merchant Taskforce has developed a set of payment protection resources for small businesses.

“A core part of the PCI Council’s remit is service to merchants. The market has been in desperate need of easy-to-understand payment security resources for small businesses. Working with a global, cross-industry taskforce representing merchants, banks, merchant associations, technology and service providers, and other small merchant partners, we’re pleased to provide practical guidance to small businesses on how they can start protecting themselves against cybercriminals,” said PCI Security Standards Council General Manager Stephen Orfei.

With simple diagrams and everyday language, the resources are designed to provide a common point of understanding between merchants, their banks, payment processors, and merchant vendors on why and how to protect against payment data theft. The resources include a basic guide to safe payments; real-life pictures of merchant payment systems; questions for merchants to ask their technology and service providers; and a short glossary that simplifies technical terms.

“Barclaycard is delighted to be making the complex simple. Small businesses can use these materials to make informed decisions about applying basic security to protect cardholder data and also improve their general security stance,” said taskforce co-chair Michael Christodoulides, VP, Payment Security, Global Payment Acceptance, Barclaycard. “The materials also include basic guidance and some simple questions to ask a potential new supplier that can be quickly absorbed and acted upon, ideal for small businesses.”

“In today’s high-tech world, small and medium-sized restaurants are consistently at risk of data breach. The National Restaurant Association is excited to have participated in this project with the PCI Council,” added taskforce co-chair David Matthews, General Counsel, National Restaurant Association. “We will now be able to provide the restaurant industry with the best practices and tools needed for defense against cyberattacks. These resources will help give restaurateurs the confidence and real-world knowledge to prevent and protect against data theft.”

The PCI payment protection resources for small merchants are on the PCI Council website as a digital toolkit for banks and payment processors to download, co-brand and distribute to their small business customers. Flip-book printed versions of the Small Merchant Guide to Safe Payments are also available for order. Visit our site to download and share the PCI small merchant payment protection resources. 

The PCI Perspectives blog post “Focusing on the Fundamentals: Payment Protection Resources for Small Businesses” provides additional insights on helping stem the tide of cyberattacks and data breaches.

“Some of the most impactful changes a small business can make to protect themselves from a data breach are relatively simple steps, but often companies are not aware of how payment data flows from their business to their financial partners, or how they can improve the security of the cardholder data,” said PCI Security Standards Council Chief Technology Officer Troy Leach. “We specifically ask those working directly with the small business community to use these resources to educate companies on ways they can improve their security while simplifying their responsibility, so they can focus on other aspects of their business.”

About the PCI Security Standards Council

The PCI Security Standards Council is a global forum that is responsible for the development, management, education, and awareness of the PCI Data Security Standard (PCI DSS) and other standards that increase payment data security. Connect with the PCI Council on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.