This article was originally published in Elavon’s Payment Smart newsletter. The Washington Hospitality Association’s payments processing system is backed by U.S. Bank/Elavon.


Payment Card Industry Data Security Standard(1) (PCI DSS) compliance is the first step in securing payment card data and can often seem like a mountain to climb for small businesses – but that needn’t be the case. With the right knowledge and the right partners, it can be understood and achieved without much trouble at all.

It doesn’t matter how large or small your business may be, you are obligated to comply with the standard that assures all the basic requirements are in place to accept, transmit, or process cardholder data responsibly.

If your payments system is not compliant, if you have never validated your PCI DSS certification, or if you have an expiring PCI DSS validation, you could be racking up unnecessary noncompliance costs – not to mention making customer payment card data a very easy target for being breached. Elavon has a team that can help you identify and navigate the issues that have kept you from becoming or remaining compliant with the PCI DSS standard, and can identify ways to simplify the validation process for your business.

Securing data is an ongoing effort
That said, even with PCI DSS validation, the chances of experiencing a compromise event remain at 1:4, and more than 80 percent of those attacks are targeted at small businesses(2), which is why additional layers of data security should also be considered.

“In our experience, one of the most common misconceptions of a small business owner is believing that their payment data is fully secure because they are PCI DSS compliant, but in truth, PCI DSS validation only reflects a point in time; securing data is an ongoing effort,” said Erica Reagan, Elavon Director of PCI Programs.

This misconception, along with the fact that on average, a startling 47.5% of PCI DSS compliant businesses have not maintained all PCI DSS controls nor kept up with required periodic reviews(3), heightens the need for services to help businesses protect themselves and their customers’ payment card data.

While there’s no one-size-fits-all approach for protecting payment card data, a layered approach that includes EMV, encryption and tokenization ensures attackers have nothing to steal if they do break in.

With Elavon, you already have a payment data security specialist on your team. So where do you start?

Contact Chazz Warren. She’s here to learn about and support your business and can connect you to payment card data security options that make sense for you.


(1) PCI Security
(2) Ponemon Data Breach Study
(3) Verizon Payment Security Report