Merchants and Credit Card Security

Why does it matter to me?

As a growing number of merchants in the United States are forced to admit breaches and the loss of customer credit card data, the need for security on your systems has never been greater. Besides the embarrassment of admitting to your customers that their personal data was lost, the business impact and cost have never been larger. Here are some reasons that your company should be concerned.

It can cost your Company Thousands of Dollars

With much of the cost of breaches being shifted to the merchant, your company can be liable for many of the costs of a breach. In addition, if your company isn’t PCI compliant, you may also be subject to penalties. Levied by the banks and credit card networks, these penalties can range from $5,000 to $500,000. The actual amount of the fines for not being PCI compliant is based on your PCI compliance level and the length of time your systems have been out of compliance.

It can cost your company the loss of its Integrity, and a loss of Customers

Customers’ perception of your company and its ability to service them is a critical component of business success. With the bad publicity of a data loss, your customers may wonder if you take their security and needs seriously. They may also wonder where else your company cut corners. A SafeNet, Inc. study of over 4,500 adults in five major global economies found that 65% of respondents would never, or were very unlikely to, shop or do business again with a company that had experienced a data breach in which financial data (credit card information, bank account number or associated login details) was stolen.

There is so much to keep up with. That is why we recommend a partnership with Olaf Solutions to keep you safe, secure and compliant!



Click here to download the PCI 3.1 overview document


June 30th 2015 – PCI 3.0 Rules apply to Merchants (already past)

The Payment Card Industry Security Standards Council’s PCI 3.0 revision, revealed in January, adds requirements that take effect at the end of June, putting unprepared merchants at risk of fines if they suffer a breach. With five new requirements taking hold, merchants may feel overwhelmed trying to keep track of the changes to the PCI standards and rules. Chicago-based Trustwave estimates that a merchant suffering a breach could face between $100,000 and $500,000 in fines from the card networks, additional expenses between $50,000 and $100,000 to reach compliance, a $50 re-issuance fee per compromised card, and $2 per customer for credit monitoring. In addition, a merchant that has suffered a breach can expect customer churn of between 8% and 19%, Trustwave says.

June 30th 2016 – PCI 3.1 Rules apply to Merchants (already past)

These upgrades made changes including the requirement for Dual Authentication for access to your network from outside of your network.

January 31st 2017 – PCI 3.2 Rules to go into effect

A look at some of the additions in these rules: Multi-factor authentication requirements for accessing the cardholder data environment, which were already in place for remote access scenarios, will be extended to include local access. Rules around displaying card numbers will be modified to accommodate an upcoming change to card number standards.

 

January 31st 2017 – Visa Mandate that all Level 4 merchants Use a QIR to install their payment software.

Effective 31 January 2017, acquirers must also ensure that all existing Level 4 merchants use PCI-certified QIR professionals from the QIR Companies list for servicing POS applications and terminals. A Level 4 merchant is one who processes fewer than 20,000 VISA or MC e-commerce transactions annually, and all other merchants processing up to 1 million VISA transactions annually.

September 1st 2015 – Liability Shifts to merchants if they do not shift to EMV (Chip Cards)- Also Past

EMV (EuroPay, Visa and MasterCard) is a consortium behind the evolution of credit card technology, using a chip embedded in the credit card as opposed to the present magnetic stripe. American Express and Discover are also included in the consortium. After October 1st, if you are not EMV compliant, the fraudulent charges will be charged back to you, the merchant!

Why Olaf Solutions?

Because you need more than just a POS dealer. You need a full-fledged technology provider! Beginning next year you will also need a Certified Qualified Integrator Reseller (QIR). We have the expertise and experience to give you peace of mind while still allowing you to make your technology work the best for you. Olaf Solutions will help you navigate the process to become and stay PCI compliant, and help you in the conversion to accepting EMV cards. We know and understand the rules and requirements. A certified technician with full knowledge of the requirements will make an on-site inspection, provide an external scan of your network and hold an informative meeting with you about the requirements. Then we will create a checklist of what is good and what needs to be changed. At that point you can make the changes yourself or contract Olaf Solutions or your own provider to make the changes. After the changes are made, we will walk you through the compliance steps to prove to your processor and the world that you are PCI compliant.

Click here (or call us) to request your Evaluation or Inspection