At the end of the day, the only relevant questions are: how important is your business to you, and are you prepared to protect it? A credit card breach at one of your stores, at a dealer site or at your home office can kill your business. If you haven’t lived through a breach, then you cannot possibly know what it’s really like. It is not pretty. So there is no way out.
To be sure, PCI compliance is more about security practices that a merchant should have in place regardless of what your acquiring bank or the major card brands stipulate. It is similar to securing your home. Most of us have secured our homes with security systems and employ a firm to monitor them. Protecting retail systems and data at your stores is no less critical in this increasingly fraudulent climate. Protect your business and your brand. Now is the time to do it.
Some c-stores and marketers we have talked to are under the impression that their major oil company or card processor will take care of compliance. Some have been told that if their POS systems are designated as compliant, then they are all set. Others think that if they have a vendor come and do an external scan of their systems, then they are PCI compliant. To be sure, each retailer is responsible for maintaining PCI compliance. If you own the merchant ID, assume that you will bear the brunt of the financial exposure in the event of a breach. Depending on the extent of the breach, you may not survive it. Even if the major oil company owns the merchant ID, a marketer bears financial liability if the breach occurred at a retail site operated by the marketer.