By Nicholas Cucci
Network Merchants Inc.
How could anyone forget the multiple Sony Corp. breaches that occurred over a 30-day period in 2011? This year is also gaining its share of notoriety with the recent breach of Global Payments Inc., which reportedly enabled hackers to access 1.5 million card numbers.
While this may seem like an alarming number, it is only a fraction of the 1 billion cards used in North America, according to Forbes.com LLC. Credit card data is a hot commodity because it can be used to create counterfeit cards.
In April 2012, American Express Co. sent a letter to card members about the Global Payments breach but didn't mention the target, even though the news had already been made public. An excerpt from the letter read, "A company that provides payment processing services to numerous merchants in North America has informed us that there has been unauthorized access to a portion of its processing system.
"As a result, account information of some of our card members, including some of your account information, may have been improperly accessed. The processor, or other parties, including merchants where you have used your card, may also contact you about this incident."
Visa Inc. was the first company to remove Global Payments from its list of approved service providers. Global will be certified again, but it will pay Visa more to process transactions.
First Data Corp., the largest payment processor in the United States, recently warned of emergent sophisticated trends in hacking. The company said it is seeing a substantial increase in the number of POS systems that are unprotected or only loosely protected as well.
Prominent sandwich shop franchisor Subway was recently breached, compromising data for more than 100,000 cardholders. According to the Bank Info Security website, the culprits planned the attack for more than a year before carrying it out. Attacks on payment systems are only going to increase over time.
The challenge for both ISOs and merchant level salespeople (MLSs) is educating smaller merchants on Payment Card Industry (PCI) Data Security Standard (DSS) compliance. Merchants need to understand that their systems and technology must comply with current practices to limit their vulnerability.
Neither Visa nor MasterCard Worldwide includes Level 4 merchants on its list of PCI DSS compliant merchants. This is because Level 4 merchants are not required to undergo compliance audits by qualified security assessors; the card brands assume these merchants conduct self-assessments, which apparently is not happening.
What steps can merchants, ISOs and MLSs take to cut back on data breaches and fraud? This question was posed to Roy Derby, a veteran law enforcement official and current Director of Risk Management for America's Bankcard Alliance LLC.
"The credit card processing industry is based on risk, and it's our duty and obligation to mitigate the risk for our merchants," Derby said. "One of the most overlooked and basic ways to help your merchants is prevention through education."
Being proactive is essential to reducing one's risk. One way to achieve this is through training. Most merchant sales trainees receive entry-level instructions on how to use credit card processing equipment and the definition of fraud.
Providing ongoing training is key, along with establishing policies on the steps to take when the inevitable suspicious activity occurs. The small price of keeping staff updated on the latest scams and trends can positively impact profit margin and reflect a store's reputation for zero tolerance.
When Derby explains to merchants the importance of keeping staff informed, he draws from his prior experience as a detective assigned to paper crimes (forgeries, bad checks and unlawful use of credit cards). "I always knew where the most activity was going to occur simply due to certain stores' reputations on the street as being easy," he said. "Don't be that easy target. Be the one the criminal decides to skip and move onto the next store."
ISOs can assist Level 4 merchants by:
In addition, ISOs and MLSs can share fraud-fighting techniques and trends with merchants by giving them the following advice:
Nicholas Cucci is the Director of Marketing for Network Merchants Inc., a graduate of Benedictine University and a licensed Certified Fraud Examiner. Cucci is also a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners. NMI builds e-commerce payment gateways for companies that want to process transactions online in real time anywhere in the world. Contact him at firstname.lastname@example.org.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next