Managed IT Services Tip – Does Your Company Accept Credit Cards? Watch Out For 5 Pitfalls

Posted by admin On September 14th, 2015

Managed IT Services Tip | 5 PCI Compliance Mistakes That Could Cost You

By Rick Boyles, President, Computer Networks, Inc.

If your business accepts credit or debit cards, PCI compliance isn’t optional… it’s essential. The Payment Card Industry Data Security Standard (PCI DSS) isn’t a law, but it is a contractual obligation written into your merchant agreement with your acquiring bank and processor. Businesses across Virginia Beach, Norfolk, Chesapeake, Portsmouth, and Suffolk can still face fines passed down from the card brands, higher processing fees, and legal exposure if they fail to meet it.

Our Managed IT Services team helps small businesses and medical practices stay compliant and secure. Here are five common PCI compliance mistakes you’ll want to avoid before they cost you big.

1. Storing Cardholder Data in Non-Compliant Programs

Many states have strict data privacy laws that hold businesses accountable for how they store customer information. For example, Massachusetts regulation 201 CMR 17.00 requires any company that owns or licenses personal information about Massachusetts residents (a name combined with a credit or debit card number qualifies) to create and maintain a written information security program, with encryption of that data in transit over public networks and on portable devices.

Failing to meet these standards can result in state enforcement actions and civil penalties, even if your business is located outside Massachusetts. Under PCI DSS itself, sensitive authentication data (the full magnetic stripe or chip data, the three- or four-digit security code, and PINs) may never be stored after a transaction is authorized, not even encrypted. The bottom line: store the full card number only if you have a business need for it, and then only in a system that renders it unreadable (truncation, tokenization, or strong encryption with proper key management) and is monitored. The most common mistake we see is card numbers sitting in spreadsheets, e-mail, order notes, and application logs that were never designed to hold them. Better still, let your processor tokenize the card so your own systems never hold the number at all.

2. Misrepresenting Security in Self-Assessments

It may be tempting to “smooth over” findings in your Self-Assessment Questionnaire (SAQ) or to alter the results from your Approved Scanning Vendor (ASV). Don’t. The SAQ is a signed attestation to your acquiring bank, and an ASV scan only counts as passing if the vendor issues it as passing. If your company is breached, an inaccurate attestation can shift fines and liability that would otherwise have been limited, and it undermines any claim that you acted in good faith.

Investing the time now to have an experienced IT support company correct the vulnerabilities the scan actually found will always cost less than dealing with the fallout of fines, lawsuits, and lost business later.

3. Choosing the Wrong Qualified Security Assessor (QSA)

Not all QSAs are created equal. A Qualified Security Assessor is a company certified by the PCI Security Standards Council to perform on-site assessments; most small merchants only need to complete an SAQ and will never hire one, but if your transaction volume or your acquirer requires a QSA, choose one from the Council’s published list. Many businesses also rely on third-party consultants to keep them compliant between assessments, and some of those consultants lack the technical depth to understand both the PCI standards and your unique business operations.

Whether you are selecting a QSA or a consultant, work with a firm that understands your network infrastructure, business processes, and compliance requirements, and that can explain exactly which systems are in scope for cardholder data. A strong local partner will also stay current with evolving PCI standards and security updates.

4. Hiding or Ignoring Data Compromises

If a customer reports that their card information may have been compromised, don’t try to handle it quietly. Attempting to fix or conceal a breach on your own can result in loss of merchant privileges and lawsuits from card issuers. Your merchant agreement also requires you to notify your acquiring bank or processor promptly when you suspect a compromise, and the card brands may require a forensic investigation by a PCI Forensic Investigator (PFI).

Instead, contact your IT support provider and your acquirer immediately, and preserve the evidence: do not wipe, reimage, or “clean up” the affected systems before an investigator has captured them. Quick, transparent action can limit your exposure and demonstrate due diligence to financial institutions and regulators.

5. Skipping ID Verification at the Point of Sale

Checking IDs may seem old-fashioned, but it remains one of the simplest ways to catch in-person use of a stolen or counterfeit card. Failing to verify a customer’s identity, even once, can lead to costly chargebacks or disputes if fraud is later uncovered. Note that ID checks are a fraud-prevention practice, not a PCI DSS requirement, and the card brands’ acceptance rules limit when a merchant may demand ID from a cardholder, so confirm your acquirer’s rules before making it a condition of the sale.

Even if your state doesn’t enforce PCI compliance as law, you can still face civil liability for mishandling payment data. In breach litigation, failure to follow an established standard such as PCI DSS is routinely cited as evidence that a business did not take reasonable security measures.

Protecting Your Business Starts with the Right IT Partner

PCI compliance isn’t just about avoiding fines; it’s about safeguarding your reputation and your customers’ trust. The best way to stay protected is through proactive management, regular system monitoring, and support from a certified IT services provider.

Computer Networks, Inc. helps small businesses and medical offices across Hampton Roads implement PCI-compliant systems that defend against data theft and cyberattacks.

To schedule a consultation or compliance assessment, call 757-333-3299 x200 or email info@computernetworksinc.com.


About Computer Networks, Inc.

Founded in 2004 by Rick Boyles, Computer Networks, Inc. provides Managed IT Services, computer network administration, HIPAA compliance consulting, and cybersecurity protection for businesses and medical practices throughout Virginia Beach, Norfolk, Chesapeake, Portsmouth, Suffolk, and Hampton Roads.

Our clients typically operate with 10–150 workstations and depend on secure, reliable networks to run daily operations. We deliver enterprise-level IT support without the overhead of an in-house team.