Barnes and Noble was hacked: attackers broke into the credit card swipe machines in its stores around the country. Its customers' credit card data were stolen, but more important, B&N's trust with its customers was broken.
There are a number of ways to hack into credit card terminals, according to Wired magazine.
Sage Payment Solutions offers these tips to help keep you safe. Don Weary, its VP of product management, is the company's resident guru on these things and shares his thoughts below. Although some of the tips are a bit geeky, read through them and consult your tech consultant, whom you hopefully trust and have done a background check on.
Here are Don's tips:
1. Make certain your payment processing software security is up to date and is PA-DSS (Payment Application Data Security Standard)-certified, and that your business receives its PCI-DSS (Payment Card Industry Data Security Standard) certification.
PCI certification is extremely important because it provides a level of confidence and assurance that a processor has followed and passed a robust set of best practices for securing the information being processed when credit card payments are made. There's no silver bullet here. You have a responsibility to protect your customers' credit card information just like you should be protecting all of your customer data. A full PCI audit will offer a scorecard across a business's payments environment, including all connected back-office applications, allowing it to make critical changes before security holes are exposed by thieves.
2. Ensure your employees visually assess PIN pads regularly to ensure there is no physical evidence of tampering.
Also, train employees to spot commonly used methods for siphoning credit card information. Thieves often attach small devices to the PIN pad itself in an effort to lift credit card information from the customer. These devices can be disguised to look like a part of the apparatus, but a vigilant employee should be able to easily identify extraneous equipment.
3. Monitor all transactions and maintain detailed records of all credit card sales.
If a theft occurs, it is imperative you can retrace your steps in order to assess where the breach occurred. Doing so may lead to catching the criminal(s) and will undoubtedly help shed light on any holes in security needing to be addressed. Identifying where a breach occurred will also minimize the number of customers affected, since steps can be taken to ensure the business is protected from further theft.
4. Select a payments provider who is technically savvy.
Look for a partner that supports end-to-end encryption technology. End-to-end encryption starts with your payment capture devices and goes all the way to the transaction being authorized. The technology prevents the card account data from being stolen electronically and lessens the cost and impact for your business to become PCI-certified. You need to balance cost versus product and service. Using the low-cost provider could come at the expense of limited product functionality, potential security holes, and lower levels of customer service.
5. One of the biggest things you can do is do everything in your power to not be in a situation where you have to store credit card numbers.
For example, Sage Payments offers what it calls a "PCI Free Zone." Its software is designed so credit card information is never stored at the customer's site or in the customer's business software. Once the credit card is swiped or its number manually entered, Sage Payments processes the transaction, stores the card information in its Sage Vault in the cloud, and sends back an encrypted ID. When you want to do another transaction for that same customer, your software passes Sage Payments the encrypted ID, so you NEVER come in contact with the stored credit card data. As a result, you avoid one of the biggest risks in PCI compliance.
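The vault-and-token flow in tip 5 is easier to reason about in code. The example below is added here and is not Sage's software or anything from the original article: `ProcessorVault` is a hypothetical stand-in for a processor-side vault, the `tok_` token format and the helper names are this example's own assumptions, and the card number is the public Luhn-valid test number `4111111111111111`, constructed for the demo. It contrasts a checkout that keeps only the token with a naive one that writes the card number into the merchant's own records, then runs a Luhn-based scan over both record sets, the check a practitioner would use to confirm that nothing card-like is still being stored on site.

```python
import re
import secrets

# Constructed sample input: a public Luhn-valid test number, not a real account.
TEST_PAN = "4111111111111111"


def luhn_ok(pan: str) -> bool:
    """Luhn checksum, the basic sanity check every card number must pass."""
    digits = [int(c) for c in pan if c.isdigit()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class ProcessorVault:
    """Hypothetical processor-side vault (an assumption of this example, not
    Sage's product). The PAN lives only here; the merchant sees a token."""

    def __init__(self):
        self._cards = {}         # token -> PAN, never leaves the processor

    def tokenize(self, pan: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("not a valid card number")
        # Random, opaque token: nothing about the PAN can be derived from it.
        token = "tok_" + secrets.token_urlsafe(24)
        self._cards[token] = pan
        return token

    def charge(self, token: str, cents: int) -> dict:
        pan = self._cards[token]   # KeyError if the token was never issued
        return {"approved": True, "amount": cents, "last4": pan[-4:]}


def merchant_checkout(vault, customer, pan, cents, records):
    """First sale: hand the PAN straight to the processor, keep only the token."""
    token = vault.tokenize(pan)
    result = vault.charge(token, cents)
    records.append({"customer": customer, "token": token,
                    "amount": cents, "last4": result["last4"]})
    return token


def repeat_charge(vault, token, cents, records):
    """Later sale for the same customer: the merchant never touches the PAN."""
    result = vault.charge(token, cents)
    records.append({"token": token, "amount": cents, "last4": result["last4"]})
    return result


def naive_checkout(customer, pan, cents, records):
    """The pattern tip 5 warns against: the PAN lands in the merchant's records."""
    records.append({"customer": customer, "card": pan, "amount": cents})


def find_pans(records) -> list:
    """Scan stored records for any digit run that still looks like a card number."""
    found = []
    for rec in records:
        for value in rec.values():
            for run in re.findall(r"\d{13,19}", str(value)):
                if luhn_ok(run):
                    found.append(run)
    return found


if __name__ == "__main__":
    vault, safe, unsafe = ProcessorVault(), [], []
    tok = merchant_checkout(vault, "cust-42", TEST_PAN, 1999, safe)
    repeat_charge(vault, tok, 500, safe)
    naive_checkout("cust-42", TEST_PAN, 1999, unsafe)
    print("tokenized records leak:", find_pans(safe))     # []
    print("naive records leak:", find_pans(unsafe))        # ['4111111111111111']
```

The scan is what makes the "PCI free zone" claim testable on your side: run `find_pans` (or the equivalent regex plus Luhn filter) over database dumps, log files and spreadsheet exports, and anything it flags is card data you are storing and therefore in scope for PCI. The token is random rather than an encryption of the card number, so even a stolen merchant database gives a thief nothing to decrypt.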