Retailers get a bad rap when it comes to press about credit card security breaches. In truth, according to the National Retail Federation, data breaches at retailers account for only about 24 percent of overall incidents. Not every incident is a huge breach of data. Security failures can happen at the store level, too. C-store owners and operators must commit to reducing security risks, which starts with effective PCI compliance training.
What can you do to protect your customers’ data?
Cyber-security happens behind the scenes at a higher level, but your front-line employees still play an important role in protecting customer data. Training your staff in PCI compliance is your responsibility. Make sure your PCI compliance training covers these main points:
- Never copy sensitive cardholder data to any form of electronic media.
- Never manually copy credit card numbers or information, such as writing them on a scrap of paper, ledger, or hand ticket.
- Keep cards in sight of the customer at all times during the transaction.
- If you have to hold on to any credit card data for an approved business purpose, keep that data in a secure, locked environment.
- If you have physical credit card data that needs to be thrown away, it must be made completely unreadable, incinerated, or cross-shredded into pieces no greater than 1/4 inch.
- Never send e-mails containing credit card data.
- Store management should be immediately involved any time a customer leaves their credit card behind.
How can you make sure your PCI compliance training sticks?
Training that isn’t implemented correctly doesn’t do anyone any good. Use mentoring, mystery shoppers, and follow-up training exercises to make sure employees are following the guidelines they learned in their PCI compliance training course. Most importantly, set a good example. When you’re conducting on-the-job training or filling in at the register, follow PCI compliance rules to the letter. Show employees how important compliance is with your own actions.
What happens if you have a data breach?
Nothing will derail customer loyalty faster than a breach in data security. Even your most loyal customers will be hesitant to shop with you if they can’t be assured their credit card information is secure. If you have a data breach, be up front with your customers. Let them know what is being done now to protect their data, and what they can expect from the company in the future.
PCI Compliance Training for C-Store Employees
The Ready Convenience Compliance Training Workshop covers critical compliance topics, including PCI Compliance training.