Alert! Risky business to operate insecure payment software

By now all merchants should understand the importance of securing cardholder data. Like other industry leaders, Vantage has constantly communicated the need for merchants, particularly those using any type of PC-based point of sale payment system connected to the internet to accept credit and debit cards, to secure their systems and networks and comply with the Payment Card Industry Data Security Standards.

Our intent with this blog entry is to make clear to the merchant community the full financial risk of a breach. If mag-stripe data is stored on your system's hard drive or in log files and this data is stolen from your system, criminals can manufacture counterfeit cards and use them at stores to buy electronics, jewelry, etc., and you are responsible for these fraudulent card sales performed at other stores! These compliance chargebacks can quickly add up to tens, even hundreds, of thousands of dollars. So until the card acceptance rules change (which Vantage is strongly lobbying for), your business is responsible not only for chargebacks on sales you make but also for chargebacks on fraudulent sales made at other merchants with card data stolen from your system!

A hacker can mine cardholder data from your system for days, weeks, or months, then wait a year or more before using the stolen data. Once the stolen cards are used, a sophisticated “Compromised Account Management System” will track them back to a common place of purchase. As the rules & regulations now stand, once your business has been identified as the compromised location, you are responsible for the costs of a POS forensics exam, remediation, mandated security monitoring, fines and chargebacks!

Protect yourself…

  • Upgrade to a secure Payment Application immediately. Validate your specific payment application brand and version number.
  • In addition to upgrading your payment software, any old storage of prohibited data must be securely deleted from all systems, databases and log files.
  • Enforce network security on your POS. Insecure networks connected to the internet are prime candidates for attacks.
  • Secure remote management applications like PCAnywhere. Turn on your remote management software ONLY when needed.
  • A low tech alternative is to process your card payments using a credit card terminal not tied to your POS network.

If your system is connected to the Internet, hackers can compromise computer networks within your location to steal cardholder data!! Don't think it will not happen to you. Merchants just like you are getting compromised and it is putting their business at risk. Please protect yourself, your business and your customer data.

More resources available at http://www.vantagecard.com/resources/PCI_Data_Secrity.html.

by Ty Hardison
