Many consumers are aware of the threat of credit card skimming devices at ATMs and pay-at-the-pump gas station terminals. However, the presence of skimming devices is rapidly increasing and the technology is becoming more and more advanced. Most recently, self-service checkout lanes have become a target for these skimming devices. Since the credit card readers in the self-service checkout lane are in the open without regular employee presence, they are more vulnerable to being altered or tampered with.
In November, credit card skimmers were discovered at the self-service checkout lanes at 24 grocery stores in California. The grocery stores involved were all a part of the Lucky Supermarket chain. An employee noticed in late November that a card reader at their store looked suspicious and it was determined that an illegal skimming device had been mounted to the reader.
A Boston company that owns and operates several bars and restaurants such as The Lenox, Ned Devine’s and The Harp recently agreed to pay a $110,000 penalty to settle a lawsuit with the state. According to the lawsuit, filed by Massachusetts Attorney General Martha Coakley, The Briar Group LLC exposed more than tens of thousands of its customers’ financial information to hackers after the company failed to remove malicious software from its computers.
In addition to the malicious software, the lawsuit also claims that the company neglected to change default usernames and passwords on its point-of-sale (POS) systems and to secure its wireless network, and that it continued to accept credit and debit cards after knowing about the security breach. Now, along with the $110,000 fine, the company is also required to develop a security password management system as well as implement stronger data and network security. The Briar Group is the first company to be penalized under the new Massachusetts data privacy law, which went into effect on March 1, 2010.
However, ITRC also emphasized the statistics could be highly flawed due to the lack of transparency with data breaches. The total number of records compromised was collected from only 51% of publicly reported data breaches.
“Other than breaches reported by the media and a few progressive state websites, there is little or no information available on many data breach events,” the ITRC said in a press release. “It is clear that without a mandatory national reporting requirement, that many data breaches will continue to be unreported, or under-reported.”
While 46 states have data-breach laws in place, only five states (Maryland, New Hampshire, Vermont, Maine and Wisconsin) make that information “public in a meaningful way,” said ITRC founder Linda Foley. The ITRC predicts that the mandatory reporting will soon be federally enforced through either consumer lobbying or legislation.
With the number of data breaches and compromised records on the rise and the heavy movement towards data breach transparency and reporting, merchants cannot risk being vulnerable. Those who do not have proper network security in place should protect themselves from the negative publicity, heavy fines and fees, and lost profits as soon as possible.
No matter what company you’re talking about, there’s one thing that you can say about the QSR industry — it definitely moves fast! This means that instead of trying to get everything done at one time, you’ll actually need to stop and think about what tasks need to be delegated to what person. It’s better this way because it definitely takes a world of pressure off your shoulders.
There is one issue that you will need to think about before all others, and that’s PCI compliance. Due to the high volume of transactions that take place in the QSR industry as a whole, you must think carefully about how your business is handling PCI compliance. There is much more at stake, and security is absolutely important.
Instead of trying to deal with it on your own, you need to get with a security company that truly does understand the QSR industry instead of just pretending. This level of specialization is out there, but you may need to ask a few more questions before you really find the company that you want to deal with.
Overall, what the QSR industry really needs to know about PCI compliance is that it’s truly one of the top security concerns that you have to pay attention to. If you really stop and focus on PCI compliance, you and your business will have virtually nothing to worry about. Become carefree and contact us today!
Although consumer confidence remains difficult to measure, common sense tells us that loyalty stays with companies that can provide the most secure, reliable transactions. Small merchants (known as Level 4), which process a lower number of transactions per year, are actually at the highest risk for security breaches.
The American Hotel and Lodging Association has found that these Level 4 merchants account for more than 85% of compromises.
A study conducted by the University of Delaware has sought to understand the impact of credit card breaches on service quality, guest satisfaction, future revisit intention and the likelihood of recommending a brand to others. More details on the study can be found in the Hospitality Technology article, A ‘Breach’ in Customer Loyalty by Cihan Cobanoglu.
The most significant results of the study, though expected, clearly outline the positive impact of keeping customer credit card data safe through proper security measures. Because consumer trust is so fragile, it is vital that businesses apply common sense practices and comply with the PCI DSS. As Cobanoglu says, “A company can spend years building confidence and trust, but one single event can destroy or damage it significantly.”
The moral of the story is, don’t keep your PCI compliance efforts to yourself! By communicating it to customers, your business will be further positioned as a company of trust and may give you a needed advantage over competitors.