By Rick Boyles, President, Computer Networks, Inc.

If your company is not fully compliant with Payment Card Industry (PCI) Security Standards, you could be at risk of a serious tangle with attorneys. Technically, PCI guidelines are not a hard-and-fast set of laws. However, businesses and medical practices in Norfolk, Chesapeake, Virginia Beach, Portsmouth, or Suffolk can still face hefty liabilities for not meeting them.

Our Managed IT Services experts suggest that you avoid these mistakes to keep your company or medical practice out of hot water:

  1. Storing Cardholder Data in Noncompliant Programs

Many states have laws regarding data breaches and, depending on where you accept cards, you may be subject to many of them. For example, Massachusetts has 201 CMR 17.00, which requires companies keeping any personal data from Massachusetts residents to prepare a PCI-compliant plan to protect that data. If a company then fails to maintain that plan, the business may face state prosecution.

  2. Fibbing on the Self-Assessment Questionnaire

If you have considered tampering with the reports from your company’s Approved Scanning Vendor, think again. Time invested now in an IT support company to fix any holes in your data security system could save you big-time from the penalties your company could suffer if there’s ever a data breach.

The same thing applies to simply “fudging the truth” on self-prepared compliance reports. Even if you think it’s a harmless stretch of the truth, our IT support company recommends that you don’t do it.

  3. Not Using the Right Qualified Security Assessor

Many companies in Norfolk, Chesapeake, Virginia Beach, Portsmouth, and Suffolk use Qualified Security Assessors to help them maintain their PCI compliance. Not every QSA knows as much as another, however. It’s important to select a computer network services firm that both understands your business or medical practice and stays up-to-date on the latest version of PCI Security Standards.

  4. Trying to Resolve Data Compromises Under the Radar

You may be tempted to fix a customer’s complaint yourself if they inform you of a data compromise, but our Managed IT Services experts recommend that you do not. Not informing credit card companies of data breaches, however small, can lead to you no longer having access to their services. Those credit card companies can then file suit against your company, costing you big bucks in the end.

  5. Not Checking ID for Point-of-Sale Credit Card Use

Sometimes it seems like no one checks IDs against the credit cards being used, so merchants tend to be lax about doing so. Unfortunately, running just one unauthorized credit card could cost you a lot in the long run.

Even if the state in which you do business does not have specific laws regarding PCI compliance, a civil suit may come against your company for any data breaches. The court will not favor you if you have not been PCI-compliant.


About our IT Support Company
Our IT support company serves Norfolk, Virginia Beach, Chesapeake, Portsmouth, and Suffolk businesses and medical practices. The company was founded in 2004 by Rick Boyles. Our typical customer has 10 to 150 workstations, is a business or medical practice, and relies heavily on e-mail, the Internet, and their computer network for running their offices. Clients hire us to provide Managed IT Services and Computer Network Services to ensure their data security system and other IT components are compliant and strong. They do not want to incur the overhead and cost of a full-time IT staff, and they do not want to risk their IT to a self-taught employee who knows “a few things” about computers.