Page 54 - GS140301
P. 54
Education
Help merchants Have you considered the role of the PCI Security Standards
sleep better at night Council (PCI SSC) in protecting merchants from data
breaches? In January 2014, the PCI SSC released Payment
Card Industry (PCI) Data Security Standard (DSS)
By Adam Moss 3.0 aimed at heightening the security for our national
payment-acceptance infrastructure. Disappointingly, PCI
Charge Card Systems Inc. DSS 3.0 hardly addressed mobile processing, one of the
fastest growing methods of payment acceptance. The
wning a business is no walk in the park. From update was needed and will be beneficial to all businesses.
ordering product and managing inventory However, would PCI DSS 3.0 have prevented the most
to hiring the right people to budgeting for recent breaches?
O advertising, facilities rental and maintenance,
and employee compensation, business owners have a P2PE
tremendous amount to address just to keep their doors
open and remain competitive. It seems business owners' Data security is getting complicated for payment
responsibilities are endless. Now, given the potential for professionals and business owners alike. What might help
data breaches and the compromise of customer informa- business owners sleep better at night? One technology
tion, running a business has become even harder. moving to the forefront of our industry is point-to-point
encryption (P2PE). Using P2PE offers three main benefits:
According to Privacy Rights Clearinghouse data published 1. A credit card transaction is encrypted as soon as
in January 2014 at www.privacyrights.org/data-breach, over it is swiped at the POS and remains encrypted
600 million credit card records have been compromised throughout the merchant's environment.
in the United States since 2004 – all before the recent Therefore, even if a breach occurs within the
breaches at Target and Neiman Marcus. However, we merchant's network or environment, the stolen
tend to only hear about breaches of major brands that data would be encrypted, rendering it useless.
affect a larger population. What should equally concern
us are the breaches we don't hear about. For example: the 2. When P2PE is employed, malware cannot be
local restaurant whose POS system was compromised by placed on a POS system. If any foreign application
malware; the local clothing store that processed cards via were to be placed on a POS system, the system
a high speed terminal only to learn a would stop working immediately.
port was compromised; or the online
merchant whose gateway transmitted EMV offers certain 3. Using a certified P2PE solution
data to a foreign IP address. completely removes a merchant
benefits to business from the scope of PCI compliance,
Security breaches are happening even eliminating the PCI DSS
across the world and are negatively owners, but would Self-Assessment Questionnaire
affecting companies' reputations EMV have prevented requirement.
and bottom lines. The Ponemon
Institute's 2013 Cost of Data Breach the Target and In "Make it a wonderful day,"
Study: Global Analysis found that the published in the Jan. 13, 2014, issue
business cost for a data breach in the Neiman Marcus of The Green Sheet, I urged MLSs to
United States is approximately $200 breaches? provide value to merchants rather
per compromised record. than sell on price. Helping merchants
navigate through the uncertainty
EMV and PCI of PCI, while understanding the
What can business owners do to better protect themselves, vulnerabilities and exposure brought on by accepting
and what can we, as their merchant services providers offer credit cards for payment, brings value and clarity to an
in this regard? The rallying cry over the past few years otherwise murky subject.
has been Europay/MasterCard/Visa (EMV), also known
as chip-and-PIN. In essence, EMV makes card replication So learn the pros and cons of EMV, PCI DSS 3.0 and P2PE.
much more difficult than the current mag stripe. More importantly, perform due diligence on any product
you want to sell. Not only will your knowledge help
However, EMV has several limitations. It doesn't address business owners feel more in control and protected, it will
protecting card data when it is in route to the processor; also help you build and grow your business.
protecting post-authorization storage of card data by the
merchant; or protecting against card-not-present fraud. Adam Moss is the Chief Operating Officer of Charge Card Systems Inc.
EMV offers certain benefits to business owners, but would He can be reached amoss@chargecardsystems.com or by phone at
EMV have prevented the Target and Neiman Marcus 888-505-2273. For additional information on CCS, please visit www.
breaches? chargecardsystems.com/gsadvisoryboard or the corporate website at
www.chargecardsystems.com.
54
Help merchants Have you considered the role of the PCI Security Standards
sleep better at night Council (PCI SSC) in protecting merchants from data
breaches? In January 2014, the PCI SSC released Payment
Card Industry (PCI) Data Security Standard (DSS)
By Adam Moss 3.0 aimed at heightening the security for our national
payment-acceptance infrastructure. Disappointingly, PCI
Charge Card Systems Inc. DSS 3.0 hardly addressed mobile processing, one of the
fastest growing methods of payment acceptance. The
wning a business is no walk in the park. From update was needed and will be beneficial to all businesses.
ordering product and managing inventory However, would PCI DSS 3.0 have prevented the most
to hiring the right people to budgeting for recent breaches?
O advertising, facilities rental and maintenance,
and employee compensation, business owners have a P2PE
tremendous amount to address just to keep their doors
open and remain competitive. It seems business owners' Data security is getting complicated for payment
responsibilities are endless. Now, given the potential for professionals and business owners alike. What might help
data breaches and the compromise of customer informa- business owners sleep better at night? One technology
tion, running a business has become even harder. moving to the forefront of our industry is point-to-point
encryption (P2PE). Using P2PE offers three main benefits:
According to Privacy Rights Clearinghouse data published 1. A credit card transaction is encrypted as soon as
in January 2014 at www.privacyrights.org/data-breach, over it is swiped at the POS and remains encrypted
600 million credit card records have been compromised throughout the merchant's environment.
in the United States since 2004 – all before the recent Therefore, even if a breach occurs within the
breaches at Target and Neiman Marcus. However, we merchant's network or environment, the stolen
tend to only hear about breaches of major brands that data would be encrypted, rendering it useless.
affect a larger population. What should equally concern
us are the breaches we don't hear about. For example: the 2. When P2PE is employed, malware cannot be
local restaurant whose POS system was compromised by placed on a POS system. If any foreign application
malware; the local clothing store that processed cards via were to be placed on a POS system, the system
a high speed terminal only to learn a would stop working immediately.
port was compromised; or the online
merchant whose gateway transmitted EMV offers certain 3. Using a certified P2PE solution
data to a foreign IP address. completely removes a merchant
benefits to business from the scope of PCI compliance,
Security breaches are happening even eliminating the PCI DSS
across the world and are negatively owners, but would Self-Assessment Questionnaire
affecting companies' reputations EMV have prevented requirement.
and bottom lines. The Ponemon
Institute's 2013 Cost of Data Breach the Target and In "Make it a wonderful day,"
Study: Global Analysis found that the published in the Jan. 13, 2014, issue
business cost for a data breach in the Neiman Marcus of The Green Sheet, I urged MLSs to
United States is approximately $200 breaches? provide value to merchants rather
per compromised record. than sell on price. Helping merchants
navigate through the uncertainty
EMV and PCI of PCI, while understanding the
What can business owners do to better protect themselves, vulnerabilities and exposure brought on by accepting
and what can we, as their merchant services providers offer credit cards for payment, brings value and clarity to an
in this regard? The rallying cry over the past few years otherwise murky subject.
has been Europay/MasterCard/Visa (EMV), also known
as chip-and-PIN. In essence, EMV makes card replication So learn the pros and cons of EMV, PCI DSS 3.0 and P2PE.
much more difficult than the current mag stripe. More importantly, perform due diligence on any product
you want to sell. Not only will your knowledge help
However, EMV has several limitations. It doesn't address business owners feel more in control and protected, it will
protecting card data when it is in route to the processor; also help you build and grow your business.
protecting post-authorization storage of card data by the
merchant; or protecting against card-not-present fraud. Adam Moss is the Chief Operating Officer of Charge Card Systems Inc.
EMV offers certain benefits to business owners, but would He can be reached amoss@chargecardsystems.com or by phone at
EMV have prevented the Target and Neiman Marcus 888-505-2273. For additional information on CCS, please visit www.
breaches? chargecardsystems.com/gsadvisoryboard or the corporate website at
www.chargecardsystems.com.
54
