Risks of accepting card payments for small retailers, according to PCI SSC

Small commerce is the real economic engine of world trade, but it is also a priority target in terms of the security of card payment systems. Attacks against e-commerce businesses target SMEs every year, and approximately half of the businesses that accept card payments have been attacked.

These are data from the PCI SSC, or the Payment Card Industry Security Standards Council, i.e., the entity that oversees secure card payments. This Council has identified the six main risks to which the small merchant is exposed when using plastic money, whether physically, by telephone or over the Internet.


Malware

Malware is malicious software, i.e. a program or code that penetrates a computer system to, in this case, steal private financial information, such as bank account passwords.

Within malware (the classic computer virus), ransomware has been on the rise lately. It “kidnaps” data, preventing its legitimate owner from accessing it unless a ransom is paid.


Phishing

Impersonation of a trusted third party is never done with good intentions. Whether digitally or by telephone (so-called vishing), it is relatively easy to be deceived and give data to the wrong person.

It is usually the end customer who falls for this type of scam, but small business owners should also be on the lookout for e-mails or calls from supposed suppliers or authorities requesting sensitive information.

Remote access

Remote access is a great help for our suppliers to update our software or give us technical support remotely and automatically (especially for small businesses, without their own resources for this type of tasks).

Unfortunately, it is also an open door through which cybercriminals can sneak in and gain access to our customers’ data, carry out fraudulent purchase transactions, etc. Secure and robust remote access is essential.

Weak passwords

Another typical Achilles heel of small businesses: according to Verizon, 80% of security breaches involve stolen or cryptographically weak passwords.

It never hurts to remember the basics about passwords: don’t keep default passwords; don’t use easy passwords (“123456”); don’t write them down or share them; change them regularly.

Outdated software

Continuing with the metaphor of biological viruses, computer viruses do not stop evolving either, in a constant race against firewalls and antivirus programs (the “drugs” of the metaphor).

It is not hard to imagine what happens when a virus encounters an old or outdated computer program; this software does not have the necessary defenses to protect the system, and…


Skimming

Although skimming is a lesser evil when it comes to card payments over the phone, it is worth remembering that physical card reading devices can harbor unpleasant surprises if they have been tampered with.

The result: counterfeit cards, illegal purchases and a loss of credibility and trust on the part of customers that can be fatal. A compelling reason to secure our credit card billing system against the “bad guys”…

Buy and sell by phone, but secure!

At PAYby CALL we make sure that card payments and payments by phone are totally secure for both the company and its customer; our PCI-DSS level 1 certification is the best proof of this.
