The Payment Card Industry (PCI) Security Standards Council (SSC) has launched a new awareness initiative, Passwords for Payments (P4P), aimed at educating small businesses on using effective password protection. Small merchants are prime targets for data thieves, and password protection is one component of a comprehensive security strategy.
Thomas Jefferson wisely said, “Never put off till tomorrow what you can do today.” When it comes to compliance with Payment Card Industry Data Security Standard (PCI DSS) version 3.0, it might be time for merchants to heed Jefferson’s advice. In a recent survey conducted by NTT Com Security aimed at assessing the awareness, acceptance, and understanding of PCI DSS 3.0, the findings were eye-opening:
- Just 30% of respondents said they have reviewed the requirements and have a plan in place.
- 41% stated they had heard of PCI DSS 3.0, but did not have a plan for compliance.
- 70% were unaware of the date by which they need to be PCI DSS 3.0 compliant. 
The short answer is – VERY important. The fact is, the better your technical and infrastructure defenses are, the more likely it is that a social engineering attempt will be made on your people.
In 2013, over 89% of breaches and data loss incidents were deemed preventable through security awareness and execution programs. More relevant, 60% were the direct result of social engineering and other attacks that began with employees who had no substantial access to data. Put another way, 60% of the over one billion records lost in 2013 were the result of employees.
We see signs every day that inform us about safety measures an organization is taking. We have all seen these examples:
- “Premises protected by video surveillance.”
- “This vehicle stops at all railroad crossings.”
- “Driver carries less than $100 in cash.”
- “Caution: Wet floor”
These types of signs are common in business. They show customers, partners, and employees what’s being done to protect the business and help reduce the organization’s risk and liability.
EMV (Europay, Mastercard, Visa) has been on everyone’s radar for a while now, but recent data breaches and impending deadlines are making EMV a top priority for merchants.
What is EMV?
EMV® is a global standard for secure credit and debit payment cards based on chip card technology, already in use throughout the world. Also referred to as chip and PIN or chip and signature, EMV-capable bank cards feature an embedded microprocessor chip that contains the cardholder data.
As if the recent data compromises affecting more than 115,000,000 cardholders among Target, Neiman Marcus, Michaels, Aaron Brothers, Marriott and Sheraton, to name a few, are not enough, experts are predicting data breaches may increase in 2014. Are your payment security measures as strong as they could be? Wash away all the marketing hype and hyperbole, and learn why TrustCommerce clients rest well, knowing that their customers’ data is secure. These best practices protect payments and reduce the risk and liability associated with accepting electronic payments.
Healthcare organizations must be aware of vulnerabilities when accepting electronic payments and be proactive about protecting against them. Whether it is an individual employee who steals a patient’s payment card information or a large-scale cyber-attack, compromised data is costly. According to Ponemon Institute’s 2013 Global Cost of a Data Breach, Healthcare experiences the most costly data breaches at $233 per lost record; pharmaceuticals rank third at $207. Couple that with damage to brand and reputation and it is easy to see how difficult it can be to recover from a breach.
Those new to electronic payment processing often ask, “Why do I need a payment gateway?” It’s a great question and this article will help explain.
In order to process electronic payments such as credit cards, debit cards, and ACH/electronic check payments, merchants work with payment gateways. A payment gateway sends the electronic payment data to a processor/acquiring bank that routes the payment securely to the issuing bank. A payment solution handles this complex workflow in mere seconds. An issuing bank maintains the consumer’s credit card account and pays out to a merchant’s account when the consumer makes a credit card purchase.
The gateway can be one piece of an overall payment solution. TrustCommerce payment solutions include gateway functionality, and much more.
Merchants who store, process, or transmit cardholder data must be compliant with the PCI Data Security Standard. More often than not, PCI DSS compliance is a starting point for protecting payments, not an achievement that can be crossed off a checklist.
Headlines remind us of the ongoing risk of data compromise. A franchising company is the latest example. According to the company’s press release, an internal forensic investigation, launched after fraudulent activity was found on several payment cards that had been used at the company’s locations, identified suspicious files, including malware, on the licensees’ computer systems at 108 locations in 10 states. The franchising company is concerned that the suspicious files could indicate that one or more attackers may have accessed data, including credit and debit card information. It is yet to be determined whether credit or debit card data was exposed.
To help you better understand how TrustCommerce’s security products could have helped prevent this “malware” attack, here are some key points.
What’s New at TrustCommerce? A Lot!
It is midway through what is shaping up to be another big year for Trust. As always, we are focused on advancing our TC SMART Products, specifically in the area of E2E/P2P encryption and tokenization. It’s fun to pioneer new innovative offerings, better to improve upon those innovations, and even more rewarding to offer the best in the industry.
You already know we’ve completed our migration to the new TC Vault! Throughout this transition, we’ve implemented many functional improvements. This new interface provides a foundation for rapid customization and enhancement. Built and designed from a customer-centric perspective, it maintains this core value from login to log-out. From the outpouring of positive responses we’ve received, we are thrilled our merchants love the new TC Vault as much as we do.