By David Fitkin and Fred Crooks
Identity theft is on the rise. It is now the third most serious crime in our country according to the Federal Bureau of Investigation (FBI). The federal government is putting pressure on Visa and MasterCard to protect vital cardholder data at the point of sale. Visa and MasterCard are doing this by passing the responsibility on to their small business owner clients. Unfortunately, businesses are not taking this issue seriously because they feel they are too small and “under the radar.”
However, just the opposite is the case, as over 80% of all data breaches are from small “Mom and Pop” main street businesses. These businesses do not have the money to hire the IT personnel needed or to purchase the sophisticated software to help protect themselves and their customers.
Cyber thieves have found a way to tap into credit card terminals and steal data as it is transmitted to the merchant service providers. In fact, even though the older terminals appear to work just fine, they have small hard drives that store cardholder data, and when the owners are asleep the cyber thieves are working diligently to download that data. This also happens with the older point-of-sale (POS) systems. When that data is on the hard drive, it can be taken as easily as receiving a Windows update. The same “backdoor” that allows upgrades from providers such as Microsoft and other software companies is left open for the cyber thieves.
Due to the pressure from Congress, MasterCard and Visa will soon be seeking out and punishing all business owners that are not compliant and are placing their customers’ cardholder information at risk. The credit card companies point out that they have been warning business owners about the new regulations for the last 2 years. Visa and MasterCard typically include a one-line warning on merchant statements that refers to the issue and warns business owners that compliance with the law is their responsibility.
Businesses found not to be compliant face losing the ability to accept credit cards and may be subject to steep fines. What many business owners do not know is that if you do not have a compliance certificate and compliance manual, you are NOT compliant.
Many business owners operate under the false sense of security that paying “compliance fees” to their merchant card provider keeps them compliant. Unfortunately, this is NOT true. These fees are really charged by the card provider to offset their own cost to be in compliance.
In addition to compliance with the regulations, there is the cost to the business owner if there is a breach of security. Often the cost to repair the damage done to the business and its customers is tremendous and can even force some out of business. It would be wise to consider investigating the special insurance policies that cover cyber theft.
For additional information on how to get your business compliant with the current credit card regulations or how to insure your business against these risks, please contact our office. We would be glad to assist you.