Many consumers are aware of the threat of credit card skimming devices at ATMs and pay-at-the-pump gas station terminals. However, the presence of skimming devices is rapidly increasing and the technology is becoming more and more advanced. Most recently, self-service checkout lanes have become a target for these skimming devices. Since the credit card readers in the self-service checkout lane are in the open without regular employee presence, they are more vulnerable to being altered or tampered with.
In November, credit card skimmers were discovered at the self-service checkout lanes at 24 grocery stores in California. The grocery stores involved were all a part of the Lucky Supermarket chain. An employee noticed in late November that a card reader at their store looked suspicious and it was determined that an illegal skimming device had been mounted to the reader.
Financial institutions and retailers have long debated who should be responsible for recouping the costs associated with a security breach, but one bank is taking it a step further by urging its customers to lobby for new legislation making retailers, instead of banks, responsible for financially replacing breached cards.
“Tell them that you believe that the retailer or vendor responsible for the security breach should be held financially accountable for the costs of reparation,” HarborOne wrote. “Urge all of them to sponsor and support legislation resolving the credit and debit card security crisis by having vendors and retailers and other businesses establish sound information security systems.”
However, Jon Hurst, president of the Retailers Association of Massachusetts, refuted HarborOne’s position, claiming that the financial industry created electronic payments and is reaping billions of dollars in profit despite the losses from security breaches.
“They’re making money hand over fist,” he said of banks, card issuers and others. “They’re charging all these hidden fees and (the cost of breaches) are all built into their financial structure.”
As the debate continues and new legislation is created, it is important to remember that someone has to pick up the price tags associated with a security breach. While retailers already face fines, fees and lost profits with a security breach, don’t let one more expense possibly take down your business. Avoid the negative press, hassle and expenses and become PCI compliant today!
If you are trying to manage a fast food restaurant, then you probably know all too well the complexity of PCI compliance. It’s not that the policies are that restrictive, but the reality is that you have to handle PCI compliance a bit differently when you’re a quick service restaurant than when you’re only processing a handful of transactions day in and day out. A good QSR can see hundreds of transactions a day — and that’s just on a slow day. Add in holidays and other times where people come out to get a quick bite to eat and you have a high transaction volume business that has to be protected at all costs.
So, the question on your mind at this point might be whether or not fast food restaurant PCI compliance can ever actually be… well, fast. This is a valid question with a valid answer: yes, yes it can!
You see, the key is to get knowledge and experience on your side: that’s the only way to make sure that you’re covered when it comes to PCI compliance. To get started, why not contact a good security consulting firm and get a free PCI assessment? From there, you can start a dialogue about the exact PCI requirements that your restaurant needs to meet in order to keep everything running smoothly.
HEI Hospitality, an owner and operator of luxury hotels such as Marriott, Sheraton and Westin, sent out a letter this week, alerting 3,400 of their customers that credit card data may have been stolen earlier this year.
According to HEI’s letter, more than 10 hotels in several states were compromised along with the property management system at one location. The breach, which occurred from March 25 to April 17, was due to a breach of the hotel’s Point of Sale (POS) systems, exposing vital customer card data. Data such as credit card numbers, expiration dates and security code information were stolen, but there is no evidence that they have been illegally used yet.
HEI is offering customers affected by the breach a year’s worth of free credit monitoring services.
As a business owner, being proactive about your security needs can also help manage business risks and the costs associated with them. HEI Hospitality will have to overcome a lack of consumer confidence, the additional cost of fines and forensic investigation and the potentially devastating cost if indeed the exposed information is used.
By purchasing a full-service solution like SecureConnect, merchants and organizations meet PCI compliance standards and network security needs with convenience and ease. The customized packages are a cost-effective measure to save any business from the hefty costs associated with a data breach.
In recent weeks, many companies and consumers have been subjected to data breaches. Check out our previous blogs about Jason’s Deli and Serious Texas BBQ facing similar issues and contact us today for your free PCI consultation.
Unique user IDs and passwords are an important aspect of information security. They are the front line of protection for user accounts. A list recently released after a hacking incident on photo-sharing and slideshow site RockYou.com provides insight into some of the most commonly used passwords, including:
These twenty are good examples of poor password choices. Notice, many people simply chose their first name, or common number groupings. Good password policy, however, includes much more than simply avoiding the passwords listed above. A poorly chosen password can result in the compromise of a company’s entire network. Requirement 2 of the PCI DSS states, “Do not use vendor supplied defaults for system passwords and other security parameters.” Our PCI experts at BHI SecureConnect® recommend that companies enforce strong password policies throughout their organization.
By following some simple guidelines, you can help to minimize the chance of a password breach:
Change user passwords at least every 90 days
Have a minimum password length of at least seven characters
Contain both upper and lower case characters (e.g., a-z, A-Z)
Contain at least one number
Contain at least one punctuation character (i.e., !, @, #, $, %, ^, &, *)
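The guidelines above expressed as a policy check, as an added example that is not part of the original post. The function names, the deny-list entries and the first-name check are assumptions made for illustration.

```python
from datetime import date, timedelta

MIN_LENGTH = 7                     # guideline: at least seven characters
MAX_AGE = timedelta(days=90)       # guideline: change at least every 90 days
PUNCTUATION = set("!@#$%^&*")      # the punctuation characters listed above
# Constructed sample deny-list (assumption); load a real common-password
# list in production.
DENYLIST = {"password", "123456", "changeme"}


def password_violations(password, first_name=""):
    """Return every guideline a candidate password fails (empty list = OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 7 characters")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        problems.append("needs both upper and lower case")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in PUNCTUATION for c in password):
        problems.append("needs a punctuation character")
    lowered = password.lower()
    if lowered in DENYLIST:
        problems.append("on the common-password deny-list")
    # Hypothetical extra check: reject passwords built on the user's name.
    if first_name and first_name.lower() in lowered:
        problems.append("contains the user's first name")
    return problems


def is_expired(last_changed, today):
    """True once more than 90 days have passed since the last change."""
    return today - last_changed > MAX_AGE


if __name__ == "__main__":
    # Constructed candidates, not taken from any real password list.
    for candidate, name in [("Tr4il!Mix", ""), ("password", ""),
                            ("Jessica1!", "jessica")]:
        print(candidate, "->", password_violations(candidate, name) or "OK")
    print("expired:", is_expired(date(2024, 1, 1), date(2024, 6, 1)))
```

Reporting every failed rule at once, rather than stopping at the first, lets a user fix a rejected password in a single attempt.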
Although creating a strong password is essential, maintaining its security is just as important. Never reveal passwords in messages, phone conversations, written documents, or on computer systems. Your organization should have an Information Security Policy that outlines a standard for protection of passwords.