Today The Official Merchant Services Blog marks the triumphant return to the timely topic of PCI DSS and cardholder data security. This tantalizing topic has been touted time and again in the peerless pages of our payment processing chronicles.
Days of Future Past
The crafty criminals that defraud, hack and swipe courageous consumers for their cardholder data are a constant concern for the entire credit card processing and data security sector. The industry has to be ever vigilant in its commitment to curb the high tech criminal activities and keep that cardholder data safe.
Retailers need to be eagle-eyed when it comes to defending data and securing customer information. They also need to be prepared for disaster, with a protocol-based plan of action for the worst case scenario — the dreaded data breach. But none of these advance preparations will save a merchant from data breach dangers if the merchant is unaware of PCI DSS, what it all means and what the requirements for PCI Compliance are.
The misdirection and misinformation out there about the process of PCI Compliance has led to complacency among many merchants. Face front true believers, we’ve even expressed the fantastic facts and figures to support merchant apathy regarding PCI Compliance in previous published purveyances of PCI related blogs.
The media gloms onto the gargantuan headlines of something as garish as a Global Payments data breach and the searing spotlight of data security dazzles the masses with the terrifying tidbits of these capricious crimes. But the nature of the crime has the danger spreading to small business merchants more and more frequently in the past few years. In fact, this article from Convenience Store Decisions, it is suggested that the heinous hackers and nefarious fraudsters are backing away from the big fish and targeting the smaller retailers with easier to breach defenses.
The CS Decisions scribe John Lofsock posits that one of the prime reasons for this shift can be pinpointed to an alteration in the criminals’ own dastardly demographics. Today’s hacker is becoming less the angst ridden, misunderstood teenager with whiz-bang keyboard and coding powers and turning into a far more treacherous group of villains. As the article puts it, “When hackers run up against businesses with sophisticated information technology and up-to-date security, they’ll turn to easier systems, including those of small non-profit agencies and family businesses.”
So what does a merchant do? The hale and hoary Host Merchant Services PCI Compliance pioneers readily suggest utilizing their very own PCI Compliance Initiative. PCI Compliance is a fantastic foundation for top notch transaction security. The superlative standards and powerful protocols set up by the powers that be on the PCI-DSS Council are a forceful first step any enterprising merchant needs to take to protect their data. This is why helpful Host Merchant Services offers a power-packed PCI Compliance Initiative that gets merchants quickly and seamlessly up to speed.
Add to that amazing Initiative the second step that Merchants can take to shore up their security: Host Merchant Services Data Breach Security Program. Click that link to download a PDF explaining the value-added service HMS provides its merchants that goes above and beyond just simple PCI Compliance and helps ensure a merchant’s peace of mind. This program offers data breach insurance.
The article from CS Decisions quotes Trinette Huber, of Sinclair Oil Corp. in Salt Lake City as saying “as a merchant, I can go through all the steps to do this and do it in good faith, and yet if I have a breach — which is entirely possible — the PCI council will say I wasn’t literally compliant.”
This is where breach insurance comes into play true believers. The Data Breach Insurance that cutting edge and customer-oriented companies like Host Merchant Services offers can curb the pernicious penalties that merchants face when a breach occurs. As we’ve stated time and again here on The Official Merchant Services Blog, security only begins with PCI Compliance. It’s a never-ending battle for safety, justice and the power of payment processing. Merchant Services providers need to work in conjunction with merchants to stay out in front of any and all security issues. And even then, disaster can occur, so a solid data security plan will have backup protocols like data breach insurance.
The CS Decisions article also quotes Huber as saying that PCI “is asking thousands of merchants to do something (the credit card companies) should be doing themselves. They should be fixing the magnetic stripe (in credit/debit cards) so it’s not something that can be easily stolen, instead of asking merchants to fix (the security issues) for them.”
That concern right there is why Visa has been pushing so hard for its EMV chip program with newer, more secure smartcards that have worked so well in Canada and Europe. Huber is noted in the article for describing the overbearing cost that the switch to EMV could entail for small business owners, as well as the fact that the EMV chips have been in place for decades and have already had data compromised before.
So if not EMV, Then What?
Will no canny crusader for competent credit card processing and dependable data transfer step up to take the challenge presented by the PCI DSS? John Lofsock, the audacious author of the article we’ve been analyzing, thinks that Point to Point Encryption (P2PE) might be the champion the industry needs. This tantalizing technology that is newer than EMV chips apparently ensures that credit card data is protected from the moment it is swiped all the way through to the nanosecond it arrives with the payment processor. This could curry favor with retailers because it completely eliminates the need for the retailer to secure cardholder data, as the retailer never has possession of said data.
The real boon, as noted by Lofsock, is that the P2PE method will make it much cheaper for merchants to be PCI Compliant by removing the need for merchants to deal with network segmentation and other costly and time-consuming parts of the compliance process like the audit.
It is noted that PCATS and PCI are preparing future standards that deal with P2PE so it is on their radar.
In the meantime, Host Merchant Services continues to offer the lowest PCI Compliance rates in the industry, as well as a vigorous PCI Compliance Initiative that seeks to inform and educate everyone interested as to the details of the process, step-by-step.