Are You Careless with Passwords?

You are here:

Home
PCI Compliance
Are You Careless with Passwords?

July 16, 2014PCI ComplianceBy TrustCommerce Staff

The Payment Card Industry (PCI) Security Standards Council (SSC) has launched a new awareness initiative, Passwords for Payments (P4P), aimed to educate small businesses on utilizing effective password protection.[1] Small merchants are prime targets for data thieves and password protection is one component of a comprehensive security strategy.

Did You Know?

60% of small businesses close six months after experiencing a breach, according to PCI SSC.
Easily guessed passwords or weak passwords on payment systems are a primary method used by hackers.
Basic steps can reduce chances of breach

While the PCI SSC efforts are focused on small merchants, everyone can benefit from reexamining their password practices. Why? The most common password used by global businesses is “Password1”, according to the Trustwave 2013 Global Security Report.[2] Further, of the three million user passwords analyzed in the study, 50% of users were using only the basic minimum requirements.

What Can You Do?

Start following some common sense best practices. Passwords are often compromised because they are easy to guess by humans or programs, users write them down making them subject to exposure, or they are stored or transmitted in plaintext. To guard against these weaknesses, consider following these recognized best practices:

Never leave an industry set default password in place on service accounts or systems, including POS terminals. Ever.
The PCI SSC recommends passwords that are at least seven digits long and include a combination of letters and numbers.
The longer the password the better. The more characters in a password, the greater number of combinations possible. Consider using a long passphrase.[3]
Don’t use the same password for all your accounts.
Change your password with some frequency.

Worth the Effort

Something as simple as having strong password controls can have a positive impact on the security of your organization. Make the effort to adhere to best practices to ensure the proper set up, care, and handling of passwords. If you don’t, you risk wishing you had.

As Chairman of the Homeland Security Advisory Council, William H. Webster said,
“Security is always seen as too much until the day it’s not enough…”

If you found this article helpful, read this recent post on protecting your organization from a security breach.

[1] http://www.v3.co.uk/v3-uk/news/2349799/pci-security-standards-council-calls-for-payment-password-revamp
[2] http://www2.trustwave.com/rs/trustwave/images/2013-Global-Security-Report.pdf
[3] http://www.computerweekly.com/tip/Password-security-best-practices-Change-passwords-to-passphrases

PCI Compliance

South Carolina Marks a First in Insurance Data Security Law
November 30, 2018

Meet TrustCommerce at HIMSS18 – Booth #11320
January 29, 2018

Prepare for PCI Validated P2PE
March 23, 2017

Facebook

Twitter

“We worked with TrustCommerce to develop an application to help our 13 Freightliner dealerships process ‘card not present’ transactions in a more secure manner using TC Trustee Premier. The product they developed is AWESOME and meets our needs in every way. We find the TrustCommerce crew to be top-notch in every way! They are super creative, very knowledgeable and always, always responsive to our emergency needs.”

Corporate Credit Manager, Truck Centers, Inc
The Query API provides real time results of our payment information. It updates our custom fields so our customer invoice system is automatically updated. This is an incredible efficiency for us that no other provider offered.
Although the City had a complex set of requirements, TrustCommerce solutions are built for ease of integration leveraging the TC Link^® API, long-standing system integration partners, and a comprehensive set of payment solutions.
Because sensitive payment data does not enter their systems, the Convention Center is able to reduce PCI DSS scope and liability.
“We have been very happy. One benefit has been the ease of refunding or voiding credit card payments, which we do not have with the City’s primary processor.”

Parking Services Manager
“Everyone at TrustCommerce, from our Account Manager to the Customer Service and Technical Support groups, has always been very diligent and responsive when working with our staff to identify and formulate well thought-out, professional solutions to any issues we identify. We unequivocally recommend TrustCommerce’s services to any entity in need of payment processing solutions.”

Treasury Manager, City of Tacoma, Washington

►2019 (4)
- ►April (1)
- ►February (2)
- ►January (1)
►2018 (13)
- ►November (1)
- ►October (1)
- ►July (3)
- ►June (3)
- ►May (3)
- ►April (1)
- ►January (1)
►2017 (20)
- ►December (2)
- ►November (2)
- ►October (1)
- ►September (2)
- ►August (1)
- ►July (2)
- ►June (1)
- ►May (1)
- ►April (1)
- ►March (2)
- ►February (1)
- ►January (4)
►2016 (23)
- ►December (3)
- ►November (2)
- ►October (1)
- ►September (2)
- ►August (1)
- ►June (5)
- ►May (3)
- ►April (1)
- ►March (2)
- ►February (1)
- ►January (2)
►2015 (36)
- ►December (1)
- ►October (3)
- ►September (6)
- ►August (2)
- ►July (2)
- ►June (4)
- ►May (4)
- ►April (5)
- ►March (4)
- ►February (5)
►2014 (25)
- ►December (2)
- ►November (1)
- ►October (1)
- ►September (1)
- ►August (2)
- ►July (3)
- ►June (3)
- ►May (4)
- ►April (2)
- ►February (4)
- ►January (2)
►2013 (24)
- ►December (1)
- ►November (3)
- ►October (3)
- ►September (2)
- ►July (3)
- ►June (1)
- ►May (1)
- ►April (1)
- ►March (3)
- ►February (5)
- ►January (1)
►2012 (12)
- ►June (4)
- ►May (1)
- ►April (2)
- ►February (2)
- ►January (3)
►2011 (24)
- ►December (2)
- ►October (1)
- ►September (4)
- ►August (5)
- ►July (1)
- ►June (3)
- ►May (2)
- ►March (2)
- ►February (2)
- ►January (2)
►2010 (7)
- ►December (1)
- ►November (2)
- ►October (1)
- ►September (1)
- ►August (2)

Are You Careless with Passwords?

Did You Know?

What Can You Do?

Worth the Effort

Speak with Sales