If you’ve used a credit card to make a payment on anything since the year 2005, you should be thankful for the Payment Card Industry’s Security Standard. It is a set of rules that help protect consumer information, specifically the information that is attached to your credit card. These rules govern the type of information security technology a merchant is required to have.
While these rules have undoubtedly made consumers safer, there is a huge problem with them, mainly that thousands of businesses do not comply with them. The PCI Security Standards Council recently conducted a survey of 560 U.S. based and international businesses, and its findings were quite discouraging.
The organization determined that:
*Only 28 percent of small businesses comply with the standards.
*Of those that do comply, 55 percent only secure credit card information, not other sensitive details, like Social Security numbers.
*Many companies don’t even attempt to comply because they find it to be cost prohibitive.
So what does this mean to you? Well, you are safer than you were before, kind of. It depends on the companies you do business with. You can get more assurance by working with larger companies – which means those with over 75,000 employees – since over 70 percent asserted that they were fully compliant. However, there is no way to tell who is compliant and who isn’t unless you personally interview a member of the IT department.
In other disturbing news, these guidelines do not even say what specific software a company needs to use. They just give advice for best practices. About 10 percent of the businesses deemed fully compliant were not using basic antivirus software on their company machines. This means a thief could easily hack into the network and farm data, regardless of how well the company adheres to the guidelines.
After analyzing the results of the survey and feedback from additional sources, the Council plans to introduce a new set of guidelines in September of next year. Hopefully these guidelines will be more consistently followed.
Even if all companies follow these guidelines to a T, you are still at risk every time you make a credit card transaction. Even if you don’t become the victim of a data breach, something can happen that can expose your information to the public. You could accidentally leave your card on the checkout counter, as I am guilty of doing. A thief could peer over your shoulder while you’re getting a cash advance at an ATM. Or, a server at a restaurant could discreetly copy down your credit card number, name and expiration date before running your check.
What’s a consumer to do? Sign up for identity theft protection of course! This can help you get notified ASAP if someone who is not you is accessing your credit accounts, or opening new accounts using your name, address, Social Security number or other information. These plans are affordable and you can sign up for one right now.