January 2, 2014
Article courtesy of SBAM Approved Partner Veracity
The recent data breach at Target stores, where credit and debit card data for about 40 million customers was accessed, has banks and processors reemphasizing the all-important aspect of security in the world of credit and debit transactions.
As technology advances, so does the savvy of fraudsters. Cyber attacks and point-of-sale breaches are becoming more and more common, regardless of the size of the business. Merchants must do all they can in order to protect their customers – and themselves – against fraud.
Increasing merchants' awareness of security issues is one important step toward reducing vulnerability. To that end, maintaining yearly PCI compliance is fundamental. Not only that, it is required by card brands in order for a business to accept payments with their cards. If not certified, merchants can incur serious fines and put themselves at risk of appearing complacent should they be threatened with a lawsuit as the result of a breach.
The Payment Card Industry Data Security Standard (PCI-DSS):
- is a set of standards that applies to all card scheme members: issuers, acquirers, merchants and service providers
- dictates how cardholder data may be stored, processed or transmitted, and the systems, policies and procedures that must be used for managing cardholder data
- has moved to a position of prominence, and compliance must be validated on an annual basis
Regardless of PCI compliance, credit card companies are imposing fines for breaches to cover the cost of fraudulent purchases from compromised cards. Some companies, like Veracity, offer insurance against data breaches that covers many losses including fines levied by card companies, costs of audits and investigations, and replacement of compromised cards. This type of added protection can prove to be very valuable.
It is also vital that merchants remain proactive when it comes to guarding customers’ data. Protecting point-of-sale (POS) equipment should be at the top of the list. Because your POS terminal records each transaction, sends transaction data to your payment processor for authorization and completion, and tracks customer preferences, it is a valuable source of information for hackers.
In addition to the basic features you look for when considering which system to use – versatility, reliability and scope – there are security measures you should take to ensure the safety of the data you are processing with it.
- When you get a POS system, set your own administrative passwords immediately and change them frequently, at least every 30 days.
- Be selective about who has access to passwords. Only allow access to employees who must have it.
- POS systems that browse the internet are more susceptible to breaches. Take extra precautions.
- Never use a device that is not Payment Card Industry Data Security Standard (PCI-DSS) compliant and be sure to stay compliant by renewing annually.
- If your business has multiple locations, ensure the passwords are different at each one. Don’t make it easy on fraudsters by giving them access to all the equipment in various locations with one set of credentials.
- Check your POS device regularly to ensure that no skimming devices have been added.
There has also been a surge in card-not-present (CNP) fraud via micro attacks (card testing), shipment fraud, eCommerce fraud, identity theft and card counterfeiting.
Here is a list of common fraud schemes that affect all environments:
- Phishing — Using websites, email links, and text and audio messaging to spoof a legitimate source and trick victims into giving away confidential information.
- Social networking — Ignoring privacy settings, users post photos and personal details or follow links that lead to compromised sites.
- Malware — Infected PCs are trawled for personal information, including passwords, or used to generate bogus alerts and sign-on information. This software is also finding its way onto POS terminals.
- Skimming — Originally found on ATMs, skimming devices that steal card details are now found at gas stations, on POS terminals, and on portable devices in restaurants.
Data security is complex and ever changing, but regardless of the size of your business, it is paramount. Work with your processor to protect your business and your clients’ information.
For additional information on data security, and how Veracity can provide you with PCI compliance at no additional charge, call Veracity at 888.599.2209.