Source: Bluefin Payment Systems
Chester Ritchie, President of Nodus Technologies, joins us today to discuss strategies that companies can take to protect themselves before a data breach strikes. Nodus is a certified Microsoft Gold Level Partner for payment software within the Microsoft Dynamics family of accounting systems and is a Bluefin Decryptx partner.
Another local company recently sent out notices to customers stating they “may have” experienced a breach of their system. We all know how this story goes – “may have” turns into “a small number of customers were affected” turns into “all customers should monitor their credit cards and credit reports for suspicious activity.”
When will this stop? Only when merchants understand the responsibility they signed up for when agreeing to accept credit cards as a form of payment. The responsibility to protect private cardholder data falls fully on the merchant. In a case like this, the merchant will experience fines, loss of reputation/business, and possible loss of ability to accept credit cards as a form of payment altogether.
The first thing merchants must do to protect themselves is to understand their environment when collecting a credit card. Before the Internet, processing a credit card by using a dedicated terminal was relatively safe. The configuration consisted of a terminal that included software and direct connection (POTS) to the payment processor.
But as the Internet, software and mobile have proliferated, dedicated hardware solutions have been replaced. Direct connections have given way to the cheap interconnectivity of the Internet, costly dedicated hardware has been replaced by software, and line-of-business software solutions have automated payment acceptance. These innovations have provided great cost savings to merchants in equipment, communication, and automation, but they come with a price many merchants haven’t realized. That price is PCI compliance and protecting private cardholder data.
A common payment solution today most likely employs technology on each layer of the PCI Compliance Pyramid. Merchants need to be aware of this and ensure that each layer has the proper security to protect against hackers and secure private cardholder data.
The PCI Compliance Pyramid
This pyramid is a representation of the various layers a typical payment software solution may employ. Connecting the layers together are communication channels. All layers and communication channels must be protected to help ensure hackers cannot steal information along the path of a payment transaction or steal an entire database of cardholder data.
- Hardware – Most software applications run on some type of computing hardware device. This could be a cell phone, an IoT device, a credit card swiper, or a keyboard connected to a computer. Merchants need to ensure that the devices used to enter credit card information…