PCI, EMV staying up on what the acronyms mean to credit card processing and protection can be a challenge in and of itself. Regardless of credit card protections self-storage operators decide to adopt, one outcome is clear—those that stay current on technological advances likely will enjoy a security net not now fully deployed to protect credit card data and transactions. In contrast, companies that “go on the cheap” with lesser protections may jeopardize their customers’ futures, as well as their own.
Customers increasingly will expect compliance currency of the companies with which they do business. Analogous to the, “Show me the Carfax” report when seeking a car’s accident history, consumers increasingly will demand ironclad assurances that their data is safe, and that their cards are protected from fraudulent charges.
Bruce Speegle, senior account manager for SG-Associates LLC credit card processing firm, notes, “Our society wants the newest and greatest product.” So, as new capabilities are unveiled, fast consumer adoption is likely to follow. Self-storage owners must be ready to move forward at the same pace, acquiring new technology as needed in the process. According to Speegle, “President-day terminals are not set up to take new EMV microchip cards already popular in Europe and coming in force this year to the US. Once the industry says something is obsolete, it’s obsolete.”
A whitepaper from First Data entitled, “What Data Thieves Don’t Want You to Know: The Facts About Encryption and Tokenization” identifies some of the vulnerabilities facing merchants currently: “Payment security is complex, with risks and vulnerabilities at every point of the processing chain. The combination of increasingly burdensome PCI compliance costs and constantly emerging new data security threats make it essential for merchants to implement effective risk management technologies to limit costs and avoid the disastrous consequences of a data compromise event.”
The whitepaper then addresses the responsibility of businesses that conduct credit and/or debit card processing, noting that they, “have both an obligation and an industry mandate to protect consumers’ payment card data. The Payment Card Industry (PCI) Data Security Standards (DSS) provide guidelines on what merchants need to do to secure the sensitive data used in payment transactions. End-to-end encryption (E2EE) and tokenization solve for many of the vulnerabilities that exist in the payments processing chain…Encryption protects data that has been captured by the merchant but has not yet been used for the transaction authorization process. Tokenization solves the problem of storing and using real card data in business processes that are downstream from authorization.”