FROM THE WATERFRONT

Uncompromised Data

by Vickie Micheau, Executive Director

With increased business activity anticipated for the upcoming tourism season, there surely will be more cash and credit card transactions taking place. There is no time like the present to ask yourself if the credit card data that you are capturing is truly secure. After all, if you accept credit cards, the responsibility to keep this data secure is, in part, yours. I hope you find the following article submitted by the Michigan Retailers Association helpful as you determine the need to implement formal security policies and vulnerability management programs as part of your business operation.

Q. My customers trust me with their credit card data. How can I make sure my system is secure from the threat of identity theft?

A. Recently, the systems of T.J. Maxx and Marshalls were compromised when a widespread security breach potentially exposed more than 40 million customers to fraud and security theft based on credit card data.

Today’s hacker attacks are increasingly sophisticated, and thwarting them requires specialized tools and procedures. Investigators for the payment card industry have analyzed enormous amounts of data in order to learn about the emerging trends regarding theft of personal data.

Visa and MasterCard are uniquely positioned to be able to detect fraud patterns as they emerge and help law enforcement in investigating data breaches.

According to Visa, many point-of-sale systems are still improperly storing too much data in violation of the payment card industry’s operating regulations. Identity thieves are well aware of these vulnerabilities and target those systems to steal the information.

Visa has also found breaches involving the card security codes found on the back of cards (known as the CVC2, CVV2, CSC or CCID) or the personal identification numbers used with debit card transactions.

Merchants can limit security breaches by not storing full magnetic stripe data, CVV2, PIN numbers or PIN blocks. Merchants should verify they are not storing prohibited data.

Visa suggests merchants follow these steps:

• Ask your POS software vendor or reseller to confirm the software version does not store full magnetic stripe data, PIN or CVV2 information.
• Review custom POS applications for any evidence of prohibited data storage and eliminate any function that enables storage of this data.
• Confirm that all cardholder data that are stored are absolutely necessary and appropriate for the transaction type.
• Verify that your software version has been validated as compliant with Payment Card Industry (PCI) Data Security Standards. For more information about PCI compliance, see http://www.visa.com/cisp or www.mastercard.com/us/merchant/security/.

Do you have a retailing question? Ask the Michigan Retailers Association in writing—by mail, 603 South Washington Avenue, Lansing, MI 48933; by fax, 517.372.1303; by e-mail, mra@retailers.com.





CONTACT US: info@deltami.org
© 2004 Delta Chamber of Commerce • 230 Ludington Street • Escanaba, MI 49829
1-888-DELTAMI • 906-786-2192 • 906-786-8830 FAX