Customers worry about theft of their data.
You should worry about business fallout.
More than 340 million computer records containing sensitive personal information have been involved in security breaches in the U.S. since 2005.1 Now criminals are shifting sights to small merchants because many have lax security for cardholder data. More than 80% of attacks target small merchants. If you are at fault for a security breach, business fallout can be severe:
- Fines and penalties
- Termination of ability to accept payment cards
- Lost confidence, so customers go to other merchants
- Lost sales
- Cost of reissuing new payment cards
- Legal costs, settlements and judgments
- Fraud losses
- Higher subsequent costs of compliance
- Going out of business
What data thieves are after
The object of desire is cardholder data. By obtaining the Primary Account Number (PAN) and sensitive authentication data, a thief can impersonate the cardholder, use the card, and steal the cardholder’s identity.
Sensitive cardholder data can be stolen from many places:
- Compromised card reader
- Paper stored in a filing cabinet
- Data in a payment system database
- Hidden camera recording entry of authentication data
- Secret tap into your store’s wireless or wired network
Defining “sensitive cardholder data”
Everything at the end of a red arrow is sensitive cardholder data. Anything on the back side and CID must never be stored. Everything else you store must be for a good business reason, and that data must be protected. PCI DSS explains how. Read more.
1. Total records as of 10 Nov. 2009 is 340,102,273, according to the PrivacyRights.org
Click here – “Quick Guide” to the PCI Data Security Standard