The Green Sheet, Inc

The Green Sheet Online Edition

April 28, 2008  •  Issue 08:04:02

Smack those hackers down

By Ben Goretsky

Before I entered the payments industry at the age of 18, I was an inquisitive young man who enjoyed playing with computers - primarily with other people's computers through mine.

The landscape for hacking, cracking, phreaking or whatever term is used was constantly changing, and it's the same today.

Our industry has always been concerned with hackers gaining access to payment gateways or merchant Web sites.

And this has influenced the way gateways and e-commerce, in general, evolved - first with such security measures as Visa Inc.'s Cardholder Information Security Program and MasterCard Worldwide's Site Data Protection and later the Payment Card Industry (PCI) Data Security Standard (DSS).

At the same time, we appear to have overlooked the fact that credit card processing over the Internet is just one of many methods of accepting credit cards. We now are feeling the backlash from having neglected security for other sectors our industry serves.

In the past few years, major security breaches within the payments arena haven't been related to Web sites, payment gateways or e-commerce. In fact, recent cases have been associated with the brick-and-mortar retail side; prime examples are Hannaford Brothers Co. and TJX Companies Inc.

I recently read an article in 2600 (a quarterly magazine geared toward hackers that is available at most local newsstands) on how to obtain the full card number from a purchase completed at one of the nation's major computer stores.

I am not sure if the store in question is aware of the article, nor do I understand why such a large entity is allowed to store its credit cards in the manner described in the article.

I may not be as in touch with the hacker world as I was in the past, but I do know when one door for a thief closes, several more quickly open.

The payments industry must focus its security efforts on all types of businesses that accept payment cards. As much as the PCI DSS continues to emphasize security modifications and additional requirements for e-commerce merchants, much remains to be done in other merchant segments.

Most of us remember when we would turn on the television and watch news stations broadcast warnings about shopping online; they stated hackers had a better chance of intercepting customers' card data through the computer than by other means. But the tables are slowly turning: The retail industry is now the prime target.

Unless something is done soon to barricade the doors where hackers gain access and steal information from traditional retailers, news anchors could be warning consumers that shopping at brick-and-mortar stores is no longer secure. If we don't take action now, cardholder data may never be safe. And our industry will be to blame.

Ben Goretsky is the Chief Executive Officer and head of IT Development at USA ePay. He has been working with his brother Alex since they started the company in 1998. E-mail him at ben@usaepay.com or call him at 866-872-3729, ext. 350.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
