Tuesday, November 26, 2013

Merchant Credit Card Cyber Attacks

I've posted before about malware designed to capture credit card information from your store's point of sale system. It also appears that cyber criminals are attacking multi-location retail stores to steal multiple pieces of credit card data.

Multiple credit card cyber attacks have specifically targeted Rosauers, Yokes, Super One and Trading Company. Link to the full article: http://www.ktvb.com/news/business/Rosauers-warning-customers-following-credit-card-fraud-attack-233388291.html

Merchant Services Best Practices - this is what point of sale technicians advise me about credit card security and your retail point of sale system:

  • Make sure that the point of sale system is not on the same network as other networks in your store (separate routers, Internet access, passwords, etc.) 
  • Change all passwords every 60 days and make sure that the passwords contain letters, numbers, and special characters.
  • Use business class network equipment (i.e., not the $99 wireless router that Best Buy sells).
  • Make sure that your point of sale software and anti-virus software are kept current.
  • Check to see what type of credit card swipes, pin pads, and signature capture pads can be used with your point of sale system - newer and more secure equipment might be available.
  • Make sure that you follow the rules related to what types of credit card information you can keep "on file" (see your merchant services agreement for more information).
  • Use an IT company to make sure that your network and firewall settings are at their highest.
  • Make sure that you are doing your required PCI scans.
  • Consult with an IT professional or your point of sale partner/dealer for a more complete "best practices" list.

I realize this requires a modest investment (likely $500 or less, depending on the size of your retail store), but would you rather face these options if someone is able to steal credit card information from your point of sale system:

  • Fines in excess of $10,000 for not meeting credit card security standards.
  • Loss of revenue from customers (past, present, and future) knowing that your system was "hacked".
  • Loss of revenue due to your business no longer being able to accept credit cards (which could be a long term sanction from MasterCard/Visa).

This is not a scare tactic from MasterCard/Visa - it is the reality of accepting credit cards in today's retail environment.
