Small businesses struggling with PCI compliance

Many small businesses continue to struggle with data security issues, despite constant news coverage of data breaches associated with credit cards. A new report said non-compliance with the PCI Data Security Standards is a big reason why.

According to Hartford Business Journal, a single data loss can cost a small business thousands of dollars and possibly affect the company's bottom line. However, most business owners fail to stay in compliance with the PCI DSS, even though most experts said compliance is a major step toward avoiding a data breach.

"The biggest obstacle is the merchant understanding the value of compliance is as important as locking their front door when they close for the day," said Doug Klotnia, a payment security expert. "That taking the small amount of time required to self-assess could be that one simple effort that keeps them from a massive financial loss."

A data loss can be financially devastating for a small business, with non-compliance fees costing as much as $50,000 and an original forensics investigation priced at about $10,000, the report said.

Verizon's recent Payment Card Industry Compliance Report showed that 79 percent of companies accepting credit cards have failed to remain in compliance, although businesses were meeting about 80 percent of compliance standards. The report also found that businesses with between one and 100 employees were at the highest risk of a data breach.