The Green Sheet Online Edition
April 28, 2008 • Issue 08:04:02
Smack those hackers down
Before I entered the payments industry at the age of 18, I was an inquisitive young man who enjoyed playing with computers - primarily with other people's computers through mine.
The landscape for hacking, cracking, phreaking or whatever term is used was constantly changing, and it's the same today.
Our industry has always been concerned with hackers gaining access to payment gateways or merchant Web sites.
And this has influenced the way gateways and e-commerce, in general, evolved - first with such security measures as Visa Inc.'s Cardholder Information Security Program and MasterCard Worldwide's Site Data Protection and later the Payment Card Industry (PCI) Data Security Standard (DSS).
At the same time, we appear to have overlooked the fact that credit card processing over the Internet is just one of many methods of accepting credit cards. We now are feeling the backlash from having neglected security for other sectors our industry serves.
In the past few years, major security breaches within the payments arena haven't been related to Web sites, payment gateways or e-commerce. In fact, recent cases have been associated with the brick-and-mortar retail side; prime examples are Hannaford Brothers Co. and TJX Companies Inc.
I recently read an article in 2600 (a quarterly magazine geared toward hackers that is available at most local newsstands) on how to obtain the full card number from a purchase completed at one of the nation's major computer stores.
I am not sure if the store in question is aware of the article, nor do I understand why such a large entity is allowed to store its credit cards in the manner described in the article.
I may not be as in touch with the hacker world as I was in the past, but I do know when one door for a thief closes, several more quickly open.
The payments industry must focus its security efforts on all types of businesses that accept payment cards. As much as the PCI DSS continues to emphasize security modifications and additional requirements for e-commerce merchants, much remains to be done in other merchant segments.
Most of us remember when we would turn on the television and watch news stations broadcast warnings about shopping online; they stated hackers had a better chance of intercepting customers' card data through the computer than by other means. But the tables are slowly turning: The retail industry is now the prime target.
Unless something is done soon to barricade the doors where hackers gain access and steal information from traditional retailers, news anchors could be warning consumers that shopping at brick-and-mortar stores is no longer secure. If we don't take action now, cardholder data may never be safe. And our industry will be to blame.
Ben Goretsky is the Chief Executive Officer and head of IT Development at USA ePay. He has been working with his brother Alex since they started the company in 1998. E-mail him at firstname.lastname@example.org or call him at 866-872-3729, ext. 350.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.