GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?


Table of Contents

Lead Story

The EMV clock is running

News

Industry Update

Card acceptance at pot shops poised to rise

Verizon defends the PCI DSS

SEAA welcomes voice of payments

USPS weighs plunge into crowded GPR pool

Tradeshows usher in new payments era

Features

The Mobile Buzz: BLE, Taco Bell and the mobile cornucopia

Flexibility in work, not just in service

Views

Things are not always what they seem

Brandes Elitch
CrossCheck Inc.

High risk processing:Best bets for success

Gene Lieb
Business Financial Resources

Education

Street SmartsSM:
Four ways to leverage machine intelligence

Dale S. Laszig
DSL Direct LLC

Help merchants sleep better at night

Adam Moss
Charge Card Systems Inc.

Bolster skills before you need them

Jeff Fortney
Clearent LLC

Hiring employees – Part 2

Vicki M. Daughdrill
Small Business Resources LLC

Company Profile

Meritus Payment Solutions

New Products

Enterprising mPOS

ROAMmcm 5
ROAM

Automatic reconciliation

XiRecon
paymetric

Inspiration

Little changes, big results

Departments

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

March 10, 2014  •  Issue 14:03:01

previous next

Help merchants sleep better at night

By Adam Moss

Owning a business is no walk in the park. From ordering product and managing inventory to hiring the right people to budgeting for advertising, facilities rental and maintenance, and employee compensation, business owners have a tremendous amount to address just to keep their doors open and remain competitive. It seems business owners' responsibilities are endless. Now, given the potential for data breaches and the compromise of customer information, running a business has become even harder.

According to Privacy Rights Clearinghouse data published in January 2014 at www.privacyrights.org/data-breach, over 600 million credit card records have been compromised in the United States since 2004 � all before the recent breaches at Target and Neiman Marcus. However, we tend to only hear about breaches of major brands that affect a larger population. What should equally concern us are the breaches we don't hear about. For example: the local restaurant whose POS system was compromised by malware; the local clothing store that processed cards via a high speed terminal only to learn a port was compromised; or the online merchant whose gateway transmitted data to a foreign IP address.

Security breaches are happening across the world and are negatively affecting companies' reputations and bottom lines. The Ponemon Institute's 2013 Cost of Data Breach Study: Global Analysis found that the business cost for a data breach in the United States is approximately $200 per compromised record.

EMV and PCI

What can business owners do to better protect themselves, and what can we, as their merchant services providers offer in this regard? The rallying cry over the past few years has been Europay/MasterCard/Visa (EMV), also known as chip-and-PIN. In essence, EMV makes card replication much more difficult than the current mag stripe.

However, EMV has several limitations. It doesn't address protecting card data when it is in route to the processor; protecting post-authorization storage of card data by the merchant; or protecting against card-not-present fraud. EMV offers certain benefits to business owners, but would EMV have prevented the Target and Neiman Marcus breaches?

Have you considered the role of the PCI Security Standards Council (PCI SSC) in protecting merchants from data breaches? In January 2014, the PCI SSC released Payment Card Industry (PCI) Data Security Standard (DSS) 3.0 aimed at heightening the security for our national payment-acceptance infrastructure. Disappointingly, PCI DSS 3.0 hardly addressed mobile processing, one of the fastest growing methods of payment acceptance. The update was needed and will be beneficial to all businesses. However, would PCI DSS 3.0 have prevented the most recent breaches?

P2PE

Data security is getting complicated for payment professionals and business owners alike. What might help business owners sleep better at night? One technology moving to the forefront of our industry is point-to-point encryption (P2PE). Using P2PE offers three main benefits:

  1. A credit card transaction is encrypted as soon as it is swiped at the POS and remains encrypted throughout the merchant's environment. Therefore, even if a breach occurs within the merchant's network or environment, the stolen data would be encrypted, rendering it useless.
  2. When P2PE is employed, malware cannot be placed on a POS system. If any foreign application were to be placed on a POS system, the system would stop working immediately.
  3. Using a certified P2PE solution completely removes a merchant from the scope of PCI compliance, even eliminating the PCI DSS Self-Assessment Questionnaire requirement.

In "Make it a wonderful day," published in the Jan. 13, 2014, issue of The Green Sheet, I urged MLSs to provide value to merchants rather than sell on price. Helping merchants navigate through the uncertainty of PCI, while understanding the vulnerabilities and exposure brought on by accepting credit cards for payment, brings value and clarity to an otherwise murky subject.

So learn the pros and cons of EMV, PCI DSS 3.0 and P2PE. More importantly, perform due diligence on any product you want to sell. Not only will your knowledge help business owners feel more in control and protected, it will also help you build and grow your business.

Adam Moss is the Chief Operating Officer of Charge Card Systems Inc. He can be reached amoss@chargecardsystems.com or by phone at 888-505-2273. For additional information on CCS, please visit www.chargecardsystems.com/gsadvisoryboard�or the corporate website at www.chargecardsystems.com.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Impact Paysystems | Electronic Merchant Systems | Board Studios