What Recent Data Breaches Mean for Merchants

by | Sep 4, 2019 | eCommerce

The list of businesses hit by hackers continues to grow in 2019. You can search Google for “retailer data breaches 2019” to see a few brand names. A data breach can affect any industry—financial, health, hospitality, consumer goods, advertising or ecommerce. Think as a small or midsize business you’re immune? Think again. Smaller businesses may be more vulnerable than large corporations with dedicated security teams.

According to the 2019 Cost of a Data Beach Report by IBM Security and Ponemon Institute, data breaches cost smaller businesses more money (per employee) than larger companies. There are also costs you may not realize.


Data Breach Business Cost

Any business that accepts credit cards is at risk of a data breach. The true cost goes beyond fixing the breach. Consider consequential costs such as:

  • Loss of company time resolving the breach
  • Loss of business (revenue) when customers are informed
  • Loss of customer trust
  • Brand reputation damage
  • Negative online content, reviews and media

Costs don’t end there. A breach, or even a potential breach, could cost you thousands of dollars in PCI non-compliance penalties per month until your business resolves the issues.

What is PCI Compliance?

Payment Card Industry Data Security Standard (PCI DSS) is a security standard for organizations and businesses that accept credit card payments. Because prior to 2006 every credit card company had its own data security standards, the five major credit card brands—American Express, Discover Financial Services, JCB International, MasterCard and Visa—established a council that created a data security standard for all merchants.

This standard, often referred to as “PCI compliance,” is an effort to help protect cardholder data and reduce credit card fraud. PCI compliance is a set of requirements for merchants.

Most small to midsize businesses can complete a Self-Assessment Questionnaire (SAQ) to secure PCI compliance status. The type of SAQ a merchant needs to complete is based on how the business accepts payment cards (visit this helpful guide on SAQ types). Timing is critical. To keep PCI compliant,  merchants who accept credit cards are required to complete an SAQ:

  1. Within 30-60 days of opening a new merchant account
  2. Every 12 months from the date the merchant account was opened



Many businesses follow PCI compliance practices. Completing the annual SAQ and receiving the certification gives you and your customers peace of mind that you’re taking great care to secure their personal credit card information.

If you notice an additional $19.95 to $50.00 per month fee on your merchant account, the credit card brands may be charging your merchant bank a PCI non-compliance fee, which the bank is passing to you. Those small fees really add up.

Help for eMerchant Clients

Feeling confused or overwhelmed about PCI compliance?

Our merchant account clients can contact us with questions. Our friendly team can help:

  • Answer general questions about PCI compliance
  • Connect you to the proper PCI representative for issues

(Our gateway clients interested in a new merchant account can ask us for the best bank and rate options for their business.)

As your business prepares for the Q4 2019 shopping season, when cyber attacks may be more common, check on the status of your PCI compliance. Now is the perfect time to close up any gaps. Your business and your customers are worth it.


*Please note that we only support merchants that are based in the United States or Canada at this time.