Wednesday, July 7, 2010

Protect your Customer Data


We live in an age of cyber crime. The rate of reported cyber crime incidents is exploding. One segment of this growing criminal industry is the organized effort to steal customer account data and sell it for fraudulent purposes. The sophistication and adaptability of these illicit enterprises is nothing less than astonishing. The constant cycle of innovation in attack methodologies, as criminals re-engineer their processes and develop new tools, keeps full-time security analysts in a perpetual game of cat and mouse.

As a merchant whose business depends heavily on electronic fund transfers (EFT) to transact every day (roughly two-thirds of all retail transactions), the security of your POS system needs to be a primary concern. Who is accessing the system? What do they have access to? Are they able to do anything that could potentially compromise your customers’ account data, such as browsing the internet or checking email from the POS terminal? Activity of this kind in a POS environment exposes your system to malware that can lead to an account data breach. To protect consumers, the Payment Card Industry (PCI) got together and developed the Data Security Standard (DSS), which mandates that all merchants secure their networks and protect cardholder data. If compromised card data is traced back to a specific merchant’s business, that merchant is responsible for cooperating with, and paying for, the forensic investigation and the remediation needed to address the breach. Heavy fines can be levied, and in the worst case the merchant is kicked off the debit networks: no more electronic fund transfers. Even if the business survives an investigation with EFT processing intact, the bad public relations and the loss of customer confidence can be costly to repair.

As a business relying greatly on the ability to process electronic fund transfers, you don’t want to be at risk of having your POS system compromised. All merchants are expected to be in compliance with the PCI DSS. Some of the first steps toward compliance are protecting your system from intrusions and restricting access to authorized personnel performing only business operations. Find out who is accessing your systems. What are they doing? Remember, your business may depend on it. To find out more about PCI DSS, visit http://www.pcisecuritystandards.org/.