4 Min ReadJune 19, 2015

Credit Card Data Security and Your Dealership

Visa, MasterCard, Discover Card, American Express and JCB International support the Payment Card Industry (PCI) Data Security Standard (DSS). This global standard, now 11 years old, is designed to guide all organizations that accept credit cards to secure their operations and, therefore, minimize the chances for fraud. The standard defines controls (both process and technology controls) for handling cardholder data that minimize the risks for all involved.

Like other merchants, dealerships are responsible for achieving PCI compliance when they accept credit cards. Specifically, the PCI standards state that if you accept cards for payment, or process, store, or transmit credit card information, you must meet the PCI Data Security Standards. Even if you only accept one card annually and simply use an imprint device, your dealership must comply.

High-profile credit card data breaches, such as those see at Target, Home Depot, and UPS, are shedding a lot of light on how companies and customers alike can be negatively affected by hackers and their tech skills. And while dealerships may believe they're too small to garner any attention from hackers, think again. PCI itself reports that small and mid-size businesses are actually at greater risk of being breached than large businesses

Ignoring PCI Standards Can Result in Significant Fines

 

Merchants who ignored the standards and experienced a breach have reported that the fines they incurred may have been more severe than for those merchants who either complied or took steps to comply and then experienced a breach. The Ponemon Institute estimated that the average credit card data breach costs approximately $3.5 million—about 15% more than it cost in 2013. Data breach fines can range from $5,000 to $500,000 per month of non-compliance.

Burden of a Breach Transitioning to the Merchant

 

Recent changes to the PCI DSS warrant your immediate attention, particularly as merchants are increasingly being held accountable for stolen credit card information by the card issuers. As of October 2015, merchants should seriously consider replacing older magnetic credit card readers with the new EMV (chip and pin) card readers. Merchants who don’t and later experience a data breach may find that their business may own the financial responsibility for the breach.

Specifically, if you accept credit cards for payment, you are responsible for the following:

  • Reviewing and understanding the PCI Data Security Standards
  • Understanding the reporting requirements that apply to your business
  • Reporting compliance to your payment processor annually

Most dealerships fit into the small-to-medium business classification with respect to credit card processing and will be defined as level 3 or 4 merchants. The good news is that these merchants, while still expected to comply with the full PCI DSS, may have simpler reporting requirements in the form of self-assessments, particularly if the scope of the cardholder data environment is small.

People and Process as Important as Technology

 

In addition to the technological aspects of credit card use, there are people and process controls required for compliance with the PCI DSS. These controls include conducting background checks on associates handling consumer credit cards and providing periodic training to those associates. Dealers are also responsible for protecting card readers and inspecting them to ensure they have not been tampered with.

PCI compliance is not a law, but an industry standard with contractual obligations. Some states, however, have codified some or all of the PCI DSS into law, and you need to know if these regulations affect you. PCI compliance is your responsibility; CDK cannot deliver it for you. Compliance is not a one-time event, but something you must maintain, such as maintaining an automobile.

If you accept credit cards for payment, CDK recommends that you engage your legal counsel and/or a PCI Qualified Security Assessor (QSA) consultant to define a PCI DSS compliance plan that suits your dealership.

How CDK Can Help

 

CDK has worked with PCI-compliant payment processors and many clients, helping to bring DMS-integrated thirdparty solutions to market that may minimize risk and reduce the cost of securing these operations. These solutions help prevent credit card information from being processed, stored, or transmitted on your DMS.

The solutions help by:

  • Removing much of the card processing from the dealer’s network
  • Encrypting card data in the device where it is swiped or entered
  • Using the latest validated tamper-proof card readers

These criteria have the potential of significantly reducing your PCI scope.

CDK’s analysis of the PCI DSS leads us to the understanding that delivering PCI DSS-compliant solutions on a DMS network can be very complex and costly. Many systems on a dealer’s network are not owned by the dealer; thus, the dealer has little leverage to remediate these systems. Therefore, CDK has a policy in place to not build and sell credit card point-of-sale products, but to work with expert payment processing partners who know the business and keep their card processing systems compliant.

For more information, visit the official PCI web site at www.pcisecuritystandards.org. It includes comprehensive details of the PCI DSS, PTS- validated readers, certified QSAs, and more.

Share This

CDK Global
By CDK Global
Staff

Recent Insights

How Machine Learning Helps Dealerships Price and Manage Inventory.

How Machine Learning Helps Dealerships Price and Manage Inventory

Over half of dealers struggle to price used vehicles with confidence, and 62% say pricing prevents them from achieving financial...
3 Min ReadAug 28CDK Global
How Dealership Tech Training Improves Vehicle Delivery Experience and Customer Satisfaction.

How Dealership Tech Training Improves Vehicle Delivery Experience and Customer Satisfaction

Vehicle delivery isn't the end of the purchase process; it's the beginning of ownership, and it's essential that this journey...
4 Min ReadAug 26CDK Global
Are Dealers Moving to Where the Car Sales Are?

Are Dealers Moving to Where the Car Sales Are?

As we approach the midpoint of the 2020s, the U.S. auto retail landscape looks markedly different from just five years...
3 Min ReadAug 21CDK Global
Consultants Help Dealers Identify Improvements  to Increase Efficiency and Profit

Consultants Help Dealers Identify Improvements to Increase Efficiency and Profit

There is no denying the significant investment car dealers make with the software that runs their stores. But most dealerships...
4 Min ReadAug 19CDK Global
Leasing’s New Life as Monthly Payments Get Squeezed.

Leasing's New Life as Monthly Payments Get Squeezed

Leasing isn’t new. But as the market tightens and sale prices and MSRPs begin to rise there is renewed interest...
3 Min ReadAug 14CDK Global
C D K Research Uncovers the Truth About E V Ownership in 2025.

CDK Research Uncovers the Truth About EV Ownership in 2025

Electric vehicles have been a hot topic in the industry for nearly a decade. Today, the end of EV incentives...
2 Min ReadAug 7CDK Global
Four Requirements for Modern Dealer Appraisal Software in 2025.

4 Requirements for Modern Dealer Appraisal Software in 2025

Appraisals are an essential step in dealership processes. Even in today’s market where many dealers are offering top dollar for...
4 Min ReadAug 5CDK Global
Car Buying Process Rebounds in July

Car-Buying Process Rebounds in July

June saw the biggest drop and lowest score in the history of our Ease of Purchase scorecard. Luckily, there was...
3 Min ReadAug 4David Thomas
Three Ways Dealers Use Automotive Inventory Management Software.

3 Ways Dealers Use Automotive Inventory Management Software

Not too long ago, CDK conducted an informal survey of dealerships to see what inventory concerns plague them most. Some...
4 Min ReadJul 30CDK Global
How COVID 19 Strategies Can Help Dealers Pivot in 2025.

How COVID-19 Strategies Can Help Dealers Pivot in 2025

If the word of the year in 2020 was unprecedented, the word of 2025 may very well be tariff. Tariffs...
3 Min ReadJul 28CDK Global