When you think of data security the first thing that pops into your head is internet security services – including firewalls, encrypted data and people sitting at computers crunching code. With all of that being true, it’s only one part of PCI security paradigm.

In turn, when people ask ‘what is PCI’ they are often surprised to learn that it’s not as complicated to understand as one might think. When you get down to the fundamental core of PCI, the factors and rules involved are actually quite basic to comprehend once you peel the layers away. The purpose is to essentially keep any cardholder data (electronic or physical) protected in safe a manner, locking down your business operations, to minimize risk and exposure of a breach. (more…)

As some of the largest breaches in U.S. history have occurred in the past couple of months, all companies are quickly realizing the value in protecting networks, customer data and ultimately themselves from data breach attacks.

But what about financial protection? As these attacks become more and more sophisticated, no company can be protected 100 percent of the time. In fact, according to Verizon’s 2011 Data Breach Investigations Report, small to mid-size businesses need to be most guarded as they have become the biggest targets of data breaches.

Plus, the costly and devastating effects of a data breach are detrimental enough to bring even the most stable of businesses to an end. In the 2010 Global SMB Information Protection Survey, by Symantec, it was reported that the average annual cost of a data breach for small to mid-size companies was $188,242 and because merchants aren’t even properly insured, that cost falls directly to them. 

But by implementing or choosing a PCI provider that offers a data breach insurance policy, you can avoid paying for these costs. Below are some types of coverage and tips for insurance policies:

1. Breach-related coverage: Most policies don’t include notification, lost profits, credit card monitoring, forensic audits, card replacement, and even fee costs. Find a policy that covers as many breach-related expenses, so you can be completely covered. 
  
2. Damage and defenses coverage: This coverage is meant to cover you in the event of a lawsuit or claims resulting from a data breach. More and more companies, such as Ceridian Corporation, Lookout Services and the Briar Group, are being sued by customers, state attorney generals and even the FTC for failing to secure financial information. Although unexpected, this coverage is can help your business out, when you need it the most!

3. Restoration coverage: This coverage is designed to help your business get back up and running after a data breach. It covers costs such as restoring lost data, getting networks back online and even public relations services to repair your company and brand reputation.

4. Extortion coverage: What if your financial or company information is stolen by a hacker and held for ransom? This type of coverage not only includes the cost of covering the demands but also hiring a security firm to track down the culprits! 

5. Make sure your providers are covered: If you are choosing a PCI compliance provider for your business, check to see if they offer a comprehensive policy. It is a great way to remain protected while saving the cost of insuring yourself.  For example, available as a standard feature in every package, SecureConnect customers are protected by a $100,000 Breach Protection Program.  The program covers data breaches and its associated expenses, without even paying a deductible!

With hacker technology evolving daily, data breach insurance, just like flood or property insurance, is a necessary expense and is the difference between your business going bankrupt or bouncing back from a breach.

Last week, Michaels revealed that they were the recent victims of a data breach and that customer information was compromised. The data, which was originally thought to be taken from several stores in the Chicago area, has become much more widespread than authorities suspected. So far 80 stores, spread across more than 20 states have had their PIN pads tampered and compromised.

Some authorities suspect that the thieves used electronic card skimmers, the most common way to breach a PIN pad, to intercept credit and debit card numbers. Then, using out-of-town ATMs, they withdrew at least $500 from each victim’s account.

Similar smaller breaches involving compromised PIN pads have hit other well-established companies such as Aldi’s who suffered a breach last year and Hancock Fabrics, who was also breached a year before that.  However, the Michaels breach has been so large that some security experts believe that malware used to infect the PIN pad could be responsible. Since the breach was first spotted in Chicago, the U.S. Secret Service has been brought in to investigate the cause.

Michaels has urged customers to review their bank and credit card statements, as well as change any PIN numbers and security account settings.  “We sincerely regret any inconvenience this may have caused you”, said CEO, John Menzer in an e-mail. “We want you to know that we are working with law enforcement authorities in every way we can to help in the investigation.”

Best Buy is warning customers their personal information has once again been breached. The electronic retailer discovered that a former business partner’s files, that contained customer information, were accessed by an unauthorized user. In a letter from the company, Best Buy reported that the only information that was stolen was customer email addresses and they are working to improve data security procedures. This breach is the second to hit Best Buy customers in less than a month.

The first databreach, which included customer emails, addresses and names, were also stolen via third-party vendor, Epsilon. The Epsilon incident, which included clients such as Walgreen’s, TiVo, Capital One, HSN,JP Morgan Chase andCitigroup, has grown to possibly be one of the largest data breached in history. To read more about the Epsilon breach, click here.

Seeing as this is Best Buy’s second strike, the company will need to really focus on implementing better security initiatives as data breaches continue to rise and government officials concentrate on penalizing companies that don’t protect customer information, like The Briar Group. To read more about the consequences The Briar Group faced, click here.

If you are running a restaurant then you might be aware of the fact that a lot of people like to pay with their credit cards instead of with cash. This is a very common trend nowadays and people do not like carrying around a lot of cash. Speaking about your restaurant again, you might be a little better off in your business if you managed to make your restaurant PCI compliant. This is because you will then be able to give an assurance to your customers that their data will be handled securely and will not be misused at all.

It is not an easy task to become PCI compliant, but it is not hard too. All you need to do is to make the necessary arrangements for protecting your customers’ credit card data when the cards are used at your restaurant. It will surely take some time to make the required arrangements, but it will be definitely worth it as your customers will then feel confident about using their cards at your restaurant, which could definitely mean new business opportunities for you as well. You just have to become PCI compliant and then let everyone know about it. You will then soon see a rise in your business.

Contact SecureConnect to become compliant today!