Thursday 21 June 2012

PCI DSS – Another Excuse To Rip Off Small Businesses

Running a small business can be challenging, and the burden of regulation is at times staggering. Despite the government’s promises to reduce red tape, I've just found out about the Payment Card Industry Data Security Standard.

PCI DSS is all about ensuring that companies properly secure card data, which is absolutely fine with me. You sign up with one of several companies that will, on behalf of your card services company, audit your security on an ongoing basis and in theory prevent hackers from stealing your customers’ card details – in return for a monthly fee, of course.

We are a little old fashioned in the way we deal with credit card details in that we don’t store them either in our database or on paper. I promise you that I’m no Luddite; I choose not to store this information not out of any fear of being hacked, but out of fear of having to wade through unbelievable amounts of red tape. So we use an old fashioned credit card terminal, and we have rules that dictate that card data is either entered via the Chip-and-PIN terminal, or over the phone directly into the keypad (with nothing being written down).

Surprisingly, I first found out about PCI DSS not from HSBC Merchant Services, the company who provide my card-taking facility, but from some poorly addressed emails from an unknown company that I was about to consign to junk because they were addressed to the generic emails we use on our website. Once I’d realised these were in fact genuine, and got over the complete failure of my Merchant Services team to get this important message to me, it was then time to be amazed at a brazen attempt to take money from us in return for nothing.

Can you believe that despite our decision to avoid electronically storing credit card data I was still told I’d have to pay £84.00 annually to this third party for the privilege of being audited – audited for what, I ask you? This seems to me like nothing short of a racket. Even worse is that nobody else seems to be aware of these new requirements, despite the fact that next month thousands of small businesses will get their first taste of the regulations when, according to Security Metrics, HSBC Merchant Services begin charging them an additional £50 a month for non-compliance.

Security Metrics, who act for HSBC Merchant Services, discussed the options with me, and I discovered that by taking the step of unplugging my EPOS terminal from the network and back into the old analogue line I could halve their fees, but that still means I’m paying for a system that is completely divorced from my own IT infrastructure, secure or not.

Smelling a rat I did some research and spoke to Alan Green of who told me that if I opted to use an analogue phone line then I could exempt myself simply by filling in a Self Assessment Questionnaire and sending this to my Merchant Services company every year.

So there you have it: A poorly communicated initiative* that is going to unfairly penalise thousands of small businesses across the UK, while at the same time mis-selling them services that they don’t require. I think it's time the shit hit the fan.

*I really can't say for sure whether HSBCMS sent me information on this subject - I can't see how I could have missed it, but then again it's possible I may have taken it for some marketing rubbish. What I can be sure of is that I didn't receive a letter of appropriate gravity to get my attention, nor have HSBCMS followed up the matter, which in my book still amounts to a failure in communication given the importance of the subject.

Thursday 14 June 2012

Online Backup - a Cloud With a Silver Lining

There’s a lot of talk about ‘The Cloud’ these days, despite the fact that many people are a little hazy about the meaning of the expression. For those who don’t already know, the Cloud is a metaphor for the Internet, which we all use already – what people are really referring to are cloud services, which is to say products that use the internet both for service provision and for data storage. This can be something as simple as Hotmail, which has been around for ages and keeps an effective backup of your emails online, all the way through to complex business solutions such as Salesforce which give you feature-rich tools within your browser.

What they all have in common is that they keep your data stored safely online so that if disaster strikes you can still access it even if your laptop is at the bottom of your swimming pool.

As a business we deal with a great deal of data loss and see first-hand the distress that this can cause our customers, and we have been pushing online backup as our preferred backup solution for some time as it separates your data from your computer – backup drives are great too, but they usually sit next to your laptop or PC and a fire or a theft can mean the loss of both.

For a long time we recommended Mozy, but a few months ago we stopped using them because we received several complaints from customers who had been charged for renewals on their credit cards despite having stopped using the service. Mozy’s small print is quite clear about the fact that the subscription will automatically be renewed, but who can remember what they read a year previously? They could send out renewal reminders by email as most other companies we work with do, but instead they opt to inform you by means of your credit card bill. One customer was incensed as she had traded in her old laptop for a Macbook (with iCloud backup) a year and a half previously and had been billed twice, even though Mozy must have been aware that the computer hadn’t once connected to their servers in that time. Mozy were refusing to offer her even a partial refund for the remaining portion of the service that she wasn't going to use. How hard can it be to send out reminder warnings, or, if a computer hasn’t backed up in ages, to fire off an email asking the customer if they still require the service? So I’m pointing my finger directly at Mozy and accusing them of unethical conduct.

For online backup we now recommend Livedrive, which allows us far more control over the backup options. Unlike the current Mozy products we can offer unlimited backup, and we also have a great deal of freedom over the level at which we set the pricing. Best of all is that it’s an evolving product; we’ve seen it go from good to better and the developers aren’t sitting on their laurels, with new features constantly in the pipeline. At present we are trying their Briefcase feature, which offers online workgroup sharing features, and unlike the 100GB limit of Dropbox, which we currently recommend, we can store up to 2TB of data. We’ll keep you informed of our progress…

We’re presently offering a year's unlimited Livedrive backup for £39.99, so contact us if you want to know more!