PCI Data Security Standard

Fighting fraud is an ongoing battle. Are you at risk?

It is important that merchants implement proper safeguards to prevent fraud. The primary threat comes from a POS system that is connected to the Internet and from the network environment around it. If your POS system is connected to the Internet, hackers can compromise computer networks within your location to steal cardholder data!

Don't think it cannot happen to you. Merchants just like you are getting compromised, and it is putting their businesses at risk. Please protect yourself, your business and your customers' data.

Please act now to secure your system and comply with the Payment Card Industry Data Security Standards.

The Financial Risk of a Breach

Did you know that you are liable for data you have? Are you aware that hackers are testing your security every day? The sophistication of fraudsters and the methods they employ increase all the time. The threat is becoming increasingly organized, international and professional. As awareness of protecting financial information grows, all stakeholders in the payment system are concerned about preventing identity theft, database hacks, card skimming, phishing and other fraud schemes that surface.

If full mag-stripe data is stored on your system's hard drive or in log files and this data is stolen from your system, criminals can manufacture counterfeit cards and use them at stores to buy electronics, jewelry, etc., and you are responsible for these fraudulent card sales performed at other stores! These compliance chargebacks can quickly add up to tens, even hundreds, of thousands of dollars. So until the card acceptance rules change (which Vantage is strongly lobbying for), your business is responsible not only for chargebacks on sales you make but also for chargebacks on fraudulent sales made at other merchants with card data stolen from your system!

A hacker can mine cardholder data from your system for days, weeks, or months, then wait a year or more before using the stolen data. Once the stolen cards are used, a sophisticated Compromised Account Management System will track them back to a common place of purchase. As the rules & regulations now stand, once your business has been identified as the compromised location, YOU are responsible for the costs of a POS forensics exam, remediation, mandated security monitoring, fines and chargebacks!

You only have to read the newspaper headlines to understand the negative consequences of data compromise.

  • Adverse media publicity
  • Loss of consumer confidence & damaged reputation
  • Increased costs from exposure to notification expenses and liability litigation

With consumers looking to place blame for compromised data, the public impact is an outcry for legislation. The federal government is looking at notification laws for security breaches, with a greater interest in what merchants are doing to protect data. Ultimately, it is the merchant's responsibility to make sure their payment system is secure and that they are following the Data Security Standards laid out by the Payment Card Industry.

Contact your business insurance provider and ask them about a comprehensive data compromise rider to cover you in case of a breach.

What to Do If Compromised

In the event of a security incident, merchants must take immediate action to investigate the incident and limit the exposure of cardholder data. Please notify us right away. The following steps, used in conjunction with the instructions in Visa's What to Do If Compromised document, should be followed in the event of a security incident. These steps include:

  • Immediately contain and limit the exposure
    • Isolate compromised systems (do not log on to or access systems)
    • Preserve evidence for forensic investigation
    • Work with your internal information security and incident response team
    • Keep a log of all actions taken and follow the chain of custody control
    • Be on high alert and monitor traffic on all systems with cardholder data
    • Notify local law enforcement
    • Consult with your legal department regarding state and federal notification laws