PCI Compliance: What Self-Storage Operators Need to Know
In 2017, 14.2 million credit cards and nearly 158 million Social Security numbers were exposed to potential fraud, according to Experian research. Identity and credit card theft are on the rise – and if you don’t take the appropriate measures, your self-storage customers could be at risk.
Payment Card Industry (PCI) compliance requirements protect consumers’ credit card data and other information from fraud and theft. As more and more self-storage operators offer online payment options, it’s critical to ensure your website provider or payment portal is PCI compliant.
Why? Because if the website you rely on to capture customer payments isn’t compliant, the odds of your customers’ sensitive information being stolen increase significantly – and you could be held liable.
What is PCI Compliance?
PCI compliance refers to a set of security standards that protect cardholders’ financial information from theft or unauthorized access. Any merchant or provider that accepts, processes, stores, or transmits credit card information is expected to adhere to these standards as a safeguard against fraudulent activity.
PCI compliance standards are governed by the Payment Card Industry Security Standards Council, an organization formed in 2006 by MasterCard, Visa, American Express, and other credit card companies. Recognizing the ongoing security risks to consumers, major credit card companies tasked the PCI Security Standards Council with the job of establishing and updating best practices in the handling of sensitive cardholder data.
As a self-storage operator, failure to comply with PCI standards can spell bad news for both you and your customers. If a hacker acquires a customer’s credit card or personal information from your operation, you could be held responsible for unauthorized purchases and other costs.
3 reasons why PCI compliance matters to your self-storage operation
PCI compliance is a growing concern in the self-storage industry because many self-storage companies now offer online payment options for tenants. If your website accepts online credit card payments, you are required to demonstrate compliance with PCI standards.
But here’s the catch: You might not know if your website is out of compliance. Unfortunately, website providers and payment portals don’t have to ensure PCI compliance unless you requested it when the site was created.
So, whether you know it or not, your operation could be at risk for non-compliance. To mitigate risk, you need to understand why PCI compliance is important to your business.
PCI compliance protects your customers.
Credit card providers created the PCI Security Standards Council to protect consumers from credit card fraud. By ensuring that your business is PCI compliant, you earn the trust of your customers by reducing the potential for fraud, identity theft, and other crimes.
PCI compliance protects your company’s reputation.
Most states require businesses to inform customers when a data breach occurs. PCI compliance insulates your self-storage operation from negative publicity and potential lost revenue by stopping fraudulent activity before it occurs.
PCI compliance protects your bottom line.
Businesses that fail to comply with PCI standards are subject to fines and other penalties. Although the fines vary, banks may refuse to do business with companies that lack proper security protocols – and the banks that do work with them typically increase transaction fees.
Most self-storage providers’ websites feature an SSL (Secure Sockets Layer) certificate. But an SSL certificate does not mean that your site is PCI compliant, and it won’t protect you or your customers from fraudulent activity or the negative outcomes associated with non-compliance.
The best way to determine whether your self-storage operation’s website meets PCI compliance standards is to request an Attestation of Compliance from your website provider. This document demonstrates that the company and its services are certified as PCI compliant. If your provider isn’t compliant, consider switching to a provider that is.