On September 5, an Ohio Wal-Mart employee received a phone call from a man claiming he worked for the retail giant’s IT department. Authorities claim that the caller instructed the associate to activate gift cards and give him the authorization codes, which he used for more than $11,000 in fraudulent online purchases.
The breach, which authorities are still investigating, raises the issue of employee training as an important part of meeting the PCI DSS requirements. More specifically, Requirement 12 details the necessity of a strong security policy to set the security tone for a company and inform employees what is expected of them.
From the PCI DSS:
“All employees should be aware of the sensitivity of data and their responsibilities for protecting it.”
Addressing Requirement 12, SecureConnect provides merchants with an Information Security Policy (ISP) template to define procedures, guidelines and practices for handling and using information. Guarding the most valuable assets within a company, the ISP is essential to developing a proactive information security strategy and educating employees about its importance.
In addition, SecureConnect provides Security Awareness training resources, which assist merchants with the education and training of employees on PCI compliance and security issues in an effective, time-efficient manner. Topics covered in the training include policy and procedure education, how to handle confidential information and who to contact if an employee identifies a security risk.
As a full-service solution, SecureConnect helps merchants maintain network security and meet PCI requirements through customized packages and specialized validation tools. Unique in the industry, the fully-managed solution allows merchants to address PCI through a single vendor, saving time, money and frustration.
Two golf courses and a restaurant in the Lincoln area announced this past Friday in a news release that they uncovered a security breach that resulted in more than 200 credit cards being stolen.
Lincoln Police Chief Tom Casady reported that it is unclear who the perpetrators are, how far back the breach stretches and how many people were affected. There have already been 225 reports of credit and debit card fraud that are believed to be connected to the incident. Authorities are also unsure of how the hackers were able to retrieve the customer information.
“I’m hopeful that we’ll be able to find out more information about this as time goes on,” Casady said. “We’d like to pin down exactly how the security breach occurred.”
With so many data and security breaches broadcast in the media recently, businesses must address security and PCI compliance needs to protect their customers and themselves from the rising number of threats. The following list details several areas that should be addressed when securing your business environment.
• Operations: In order to meet PCI requirements and address daily operational security procedures, you must have defined guidelines and practices for handling and using information within your organization. Employing a company like SecureConnect can help streamline this process and ensure compliance with these requirements.
• Point of Sale (POS): Because POS systems are used to store, process and/or transmit cardholder data, businesses must ensure that necessary security measures are in place to support compliance with the PCI DSS. Merchants should contact their Payment Application vendor to make sure that the system is PCI compliant.
• Network Security: Many PCI requirements address the need for network security and expect a thorough examination of your organization to maintain a secure environment. Employing a single-source vendor like SecureConnect can provide the necessary tools to maintain security and compliance.
To learn more about how we can simplify PCI and help secure your business, contact us today!
Julie’s Place, a restaurant in Tallahassee, was recently linked to a data breach that occurred earlier this summer. The hackers breached the restaurant’s POS system to obtain more than 100 credit cards, resulting in $200,000 in fraud.
As recently as a year ago, the POS vendor, Aloha Systems, performed a PCI assessment of the network and equipment and found the restaurant to be compliant. However, Ernie Floyd, Director of Data Security at Radiant Systems, which developed Aloha systems, says the POS software isn’t to blame.
While the final cause hasn’t yet been determined, Floyd believes that the restaurant was breached because it did not maintain a properly secured infrastructure and so did not fully meet all 12 PCI requirements. Improperly installed firewalls gave hackers an easy entry into the network of Julie’s Place and access to vital customer information.
Currently, there is a rising trend of malware being directed at small businesses. At greatest risk are restaurants, which often fall victim to “cookie-cutter” attacks because so many of them use the same or similar Point of Sale (POS) systems. The best defense for merchants is to utilize a “back to the basics” approach that develops a secure network and reinforces the protection of card transactions. Ensuring a secure infrastructure helps merchants better meet PCI requirements and validate compliance. Full-service solutions like SecureConnect can provide merchants the essential tools needed for security, PCI compliance and complete protection.
HEI Hospitality, an owner and operator of luxury hotels such as Marriott, Sheraton and Westin, sent out a letter this week, alerting 3,400 of their customers that credit card data may have been stolen earlier this year.
According to HEI’s letter, more than 10 hotels in several states were compromised along with the property management system at one location. The incident, which occurred from March 25 to April 17, was due to a breach of the hotels’ Point of Sale (POS) systems, exposing vital customer card data. Data such as credit card numbers, expiration dates and security code information were stolen, but there is no evidence yet that they have been used illegally.
HEI is offering customers affected by the breach a year’s worth of free credit monitoring services.
As a business owner, being proactive about your security needs can also help manage business risks and the costs associated with them. HEI Hospitality will have to overcome a lack of consumer confidence, the additional cost of fines and forensic investigation and the potentially devastating cost if indeed the exposed information is used.
By purchasing a full-service solution like SecureConnect, merchants and organizations meet PCI compliance standards and network security needs with convenience and ease. The customized packages are a cost-effective measure to save any business from the hefty costs associated with a data breach.
In recent weeks, many companies and consumers have been subjected to data breaches. Check out our previous blogs about Jason’s Deli and Serious Texas BBQ facing similar issues and contact us today for your free PCI consultation.
Hundreds of customers at Jason’s Deli in Memphis have fallen victim to credit and debit card fraud in the past few weeks. The data breach is believed to be from malware that infected computers at the restaurant.
The investigation, completed by the US Secret Service, discovered that the data was forwarded to criminals in Russia who have been stealing significant amounts of money. One customer reported a loss of $739. Officials have already indicated that the breach might have also affected customers at the Seattle and San Francisco locations.
Jason’s Deli owner Kent Holt has seen a significant loss of sales and has lost 50% of his customers since the security breach.
“We sincerely regret this has happened,” he said, speaking to his customer base. “We hope we will be able to regain your confidence and serve you again.”
Unfortunately, business owners, like Holt, are usually unaware of the devastating effects a data breach can have until it strikes their business, damaging its reputation and customer confidence.
SecureConnect provides businesses of all sizes Internet security and complete PCI compliance along with 24x7x365 monitoring to proactively protect every aspect of your business.
Don’t be a victim; contact us today to learn how you can protect your business and your customers!