Credit Card Breaches Continue Because Merchants Won’t Take Basic Security Precautions

It seems like every day we see another credit card breach in the news.  Recently the retail chain Buckles said they had a breach.  Sabre, the airlines reservation system founded by American Airlines suffered a breach and as a result, so did a number of their customers including Hard Rock and Lowes Hotels.

There are some simple steps that businesses can take to reduce that risk according to Payment Week.  Those steps Include:

  • Conduct a risk assessment – risk assessments identify threats that may not even be on a company’s radar screen.
  • Reaffirm payment channel security – we are still seeing large numbers of card present breaches (as opposed to card not present online transactions).  Businesses need to make sure that all payment “channels” are secure.
  • Encrypt data before it enters the Point of Sale system – We are still seeing a lot of breaches caused by allowing unencrypted data to pass into and through the PoS system.
  • Adopt EMV Technology – That is the chip based credit cards.  While it does not eliminate fraud, it makes it much harder.  Some companies, such as Wendy’s and Chipoltes, both of which have suffered credit card breaches in the last year, have intentionally not upgraded their systems for different reasons.  As customers, we need to vote with our feet and just not patronize businesses that have not upgraded their security.  Those companies are taking extra risk by not upgrading to EMV (chip) systems as they are now liable for 100% of all costs associated with a credit card breach.  While you will likely get money stolen as a result of a credit card breach returned, it is still a hassle.
  • Embrace tokenization –  Tokenization is a technology which allows businesses to keep a unique token rather than the actual credit card.  If the token is stolen, it is useless to the crook – unlike the stolen credit card, but that token can be used, only by that merchant, for recurring transactions.

While implementing these solutions won’t eliminate credit card breaches, it will make them much less valuable to the bad guys, meaning that they will find something else to attack.  If they can’t make money stealing credit cards, they won’t do it.  Hacking credit card systems is not fun;  it is a business.

Information for this post came from Payment Week.

Leave a Reply

Your email address will not be published.