Security + 601 PCI DSS
-
For small business owners who use Square, PayPal and other card payment processors...Who takes responsibility for data breaches of the small business owner's customers?
For example, if a small business owner uses Square to process payments and a data leak happens, is it the business owner or the Square company that is responsible for lawsuits, fines, etc...
I am sure this answer probably should be directed to Square or the other companies...I just had the thought while watching the video from Regulations, Standards, and Frameworks...
The thought came from the aspect of having to use my CC at business places that use Square and the like...If my data was compromised, who do I go after?
-
Like everything else on the Security+, there is never a true "right" vs "wrong", really just a best answer. This is because many scenarios provide a part of the solution and every scenario needs a full solution too. So the answer lies in the fact of...the Contract, Warranty, and Indemnity. You must look at the agreement and see what and how Square, PayPal et al. word how they protect the data and deal with those breaches. Having said that, those companies should, and usually do, tell their customers about their breaches before they make it known to the public...if they have a chance to do so. They will let you know what happened, when, the severity, what they are doing about it now, what they are doing to protect data in the future, and what you need to do if you suspect a data breach through their system.
-
Ronnie - Thank you for the quick response, I understand all, solid feedback.