Uncategorized

The Dangerous Truth About How Businesses Handle Payments

Tim Demetriou

Author

October 14, 2025

Published

Let’s be honest: a shocking number of Australian businesses are still handling customer payments like it’s the late ’90s. Credit card numbers scribbled on paper. Spreadsheets full of sensitive data. Card details traded back and forth in email chains.

In an age where hackers can take down a large corporation’s infrastructure with a basic laptop, is this really how businesses should be storing customer payments?

This highlights the importance of PCI compliance for wholesale suppliers. Not using a PCI compliant system is not just outdated – it’s dangerous, non-compliant, and many business owners don’t even realise they’re sitting on a ticking time bomb.

The Hidden Risk Nobody Talks About

The numbers are concerning. In 2023, the Office of the Australian Information Commissioner reported that financial information was exposed in over a quarter of all data breaches. For a small or mid-sized business, a single breach costs, on average, $46,000 and that’s just the start.

Take Optus in 2022: nearly 10 million Australians had their data exposed in one of the country’s largest breaches. Or Medibank, whose sensitive health records were leaked, with fallout still dragging through the courts today.

Big corporations can absorb the costs of repayments, fines, and additional administration. But imagine a wholesale supplier with $20 million turnover and tight margins. A breach could mean hiring external consultants, lawyers, and forensic accountants, potentially crippling the business financially.

So here’s the question: why would any business keep doing things the old way?

Non-Compliant Payments: A Disaster Waiting to Happen

Picture the average wholesale supplier. Card details are taken over the phone and manually typed into a terminal; maybe even jotted down on sticky notes. Recurring details are saved in Excel, an ERP, or even on paper files that are stored away on premise.

It might not seem risky today, but data breaches come in all shapes and sizes. Not all of them are sophisticated cyberattacks. What if a thief breaks in overnight with nothing more than a $5 hammer? Or an employee leaves on bad terms but still knows exactly where you store your customers’ credit card details, with access to your ERP and spreadsheets? Or a local hacker with a cheap laptop decides to strike?

These scenarios aren’t hypothetical, they can and do happen. In fact, cybersecurity statistics show a hack occurs every six minutes in Australia.

The reality: your business is a target, and you need to protect it.

Here’s Where PencilPay Comes In

PencilPay was built to bring payments into the modern era—securely, efficiently, and with PCI compliance at the forefront. That means no more spreadsheets, no more paper forms, and no more leaving sensitive financial information exposed.

How it keeps your customers data safe:

  • Secure storage: Every card detail is tokenised and locked down in the PencilPay platform.
  • Automated billing: Recurring invoices are processed automatically from the payments saved in the system—no manual work required and fully PCI compliant.
  • Faster collections: Customers pay directly from a secure invoice link you can send them.

It’s not complicated, it’s just common sense.

Bottom Line

Non-compliance isn’t some abstract risk when it comes to payments; it’s happening right now. PencilPay gives them a way to collect payments faster, safer, and without the constant fear of a data breach.

Check out PencilPay today, your future self will thank you.