If you don’t secure your customers’ sensitive card data, you will be hit with a fine of up to £300,000*.
If you lack data security and suffer a breach, you will have to reimburse customers.
If your customer’s card data is stolen, you may not be allowed to process card payments again, destroying your business.
If, after all this, your card data still isn’t secure, you will be forced to pay £15,000* per month.
If you enjoy running a successful business…you will want to think about protecting your data.
Call centres are easy targets for fraudsters because card data is seen and heard by your call centre staff and it can also be gleaned from call recordings. According to recent statistics, the black market for card data is a huge business – and it’s still growing. Card data is now more valuable than ever.
According to recent information¹, 97% of businesses retain sensitive card details on call recordings and only 3% of UK call centres comply with PCI Guidelines. This puts the financial details of millions at risk.
CardGuard from elitetele.com is the solution. CardGuard is the only way to securely accept card payments over the phone.
- The customer phones your call centre to make a payment
- The agent has the payment verification screen open in CardGuard mode
- The customer is asked to enter their card details into the telephone keypad
- CardGuard hides the card numbers on the payment screen so they cannot be seen
- CardGuard masks the DTMF² so the number tones cannot be heard
- With CardGuard in place, no card details are spoken
See no details. Hear no details. Speak no details.
- CardGuard is completely PCI Compliant
- CardGuard enables you to allow all of your call centre staff to take card payments over the phone, rather than a trusted few
- With CardGuard there is no need for additional staff training for the handling of sensitive data
- With CardGuard you have no need of a ‘clean room’ as the agent is never in possession of sensitive data
- You have no need to switch off or alter call recordings with CardGuard as no sensitive data is spoken
PCI DSS stands for Payment Card Industry Data Security Standard. At the end of 2004, Visa and MasterCard aligned to improve card security at an industry level and created the Payment Card Industry Data Security Standard, soon joined by other major brands such as American Express. Being PCI Compliant, as it is called, is mandatory and applies to all commercial operations that store, process or transmit cardholder data, both manually and electronically.
PCI DSS is a set of principles and requirements around which businesses need to base their data security to become PCI Compliant:
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Requirement 12: Maintain a policy that addresses information security
(PCI Security Standards Council (2006), About the PCI Data Security Standard (PCI DSS), Retrieved 14 September 2009 from www.pcisecuritystandards.org)
If your business accepts card payments then you must be PCI Compliant. This is where CardGuard from elitetele.com can help you.
The reputation of your company depends upon how customers perceive you. So if your business gains bad publicity for card data fraud, you could face a serious loss of business. Customers will not want to hand their sensitive data over to a company that has negligently lost card data in the past. So, to protect your brand, you need to protect your customers and to do that you need to be PCI Compliant. You need CardGuard.
Customers often have ‘card anxiety’ whilst paying by card over the phone, mostly due to negative press regarding card data fraud. If you make your customers aware that their card details are protected by CardGuard, they will be reassured.
As stated before, using CardGuard means that all of your agents can deal with card payments and without the need for a clean room too. Add this to still being able to use call recording and you really are on to a winner.
And once again let’s reiterate that with CardGuard you are PCI Compliant – which means no massive fines!
*RBS WorldPay - RBS WorldPay show a list of Fines on their PCI Compliance site which are imposed by the Card Providers
¹CallCentre.co.uk
²Dual Tone Multi Frequency
Please note the above websites are not in any way associated with Elitetele.com
Last year, Heartland Payment Systems became famous for having suffered the largest known data breach that involved card data from payments made. Now, there are rumours that the company has suffered yet another payment breach at a local restaurant chain in Austin, Texas.
According to Heartland Payment Systems, the breach was a controllable “localized intrusion initiated within the stores, either in their point-of-sale system or as a result of other fraud.” Heartland has said that the card data at the chain was not compromised. I’m sure that’s a huge relief for the customers. One word for Heartland – CardGuard!
PCI DSS is the Payment Card Industry Data Security Standard that was developed by the founding payment brands of the PCI Security Standards Council, including Visa and American Express, to ensure consistent and regulated data security procedures.
For any commercial operation that stores, transmits or in any way handles cardholder data, PCI DSS is a mandatory requirement, not only for the security of your customers but also for the security of your business. PCI DSS applies to both electronic and manual storing and handling of cardholder data. Should your business become the victim of credit card fraud and your customers suffer, you will be held accountable, which is why it is a good idea to become PCI Compliant as soon as possible. As card fraud is a rising crime, it is imperative that you protect yourself and your customers.
A massive card fraud operation has resulted in a four and a half year prison sentence for Theogenes De Montford, 29, of Blandford Way, Hayes and the rest of his gang may soon be following him.
In one of the biggest chip and PIN scams in the UK, De Montford was found with 35,000 card details, and the majority of those came from a single garage - a Shell garage on Bluebell Hill in Maidstone, Kent. Cloned cards are normally sold on the internet black market for a huge profit.
In this case the card guard was no use as cloning equipment was placed on the machines and as people are normally in a hurry at petrol stations, abnormalities weren’t noticed at the time.
Police across Europe, the UK, America and Australia have arrested 178 people in a massive crime ring bust that involved fourteen countries, around £17 million and a two year investigation.
The main investigation took place in Spain and involved the cloning of credit cards. When police and security guards descended on the main labs, they recovered 120,000 stolen card numbers and 5,000 cloned cards. Apparently, the criminals paid shop workers to pass along card numbers – which is why CardGuard is such a good idea not only for PCI Compliance but also to stop your customers being robbed.
According to sources, the people behind the credit card fraud also deal in robbery, blackmail and money laundering. Let’s hope they go away for a long time!
If you think your private data is safe with the people who help run the country, you’re rather sadly mistaken. A recent Freedom of Information request by The Mail for information regarding unauthorised access to the UK’s tax and benefit mega-database by council staff revealed scary results. Last year, there were 124 security breaches in the tax and benefits department, compared to 20 the year before.
The UK council holds the tax and benefits information of 85 million people and to think that council workers are abusing that makes your blood boil. However, what troubles me more is the fact that tax and benefits automatically take down bank information. With PCI Compliance laws, telephone workers are not allowed to hear or see any of this sensitive data yet without products such as CardGuard and with below par IT security, how can we trust the council to keep our data safe? The truth is, we can’t.
Researchers at Cambridge University have discovered a protocol flaw that may allow crooks to use chip and PIN cards without actually having the PIN number. By inserting a device between the card and the terminal, criminals can trick the terminal and the bank into thinking that the PIN was entered and was verified. Even if the criminals enter a PIN, it will still receive approval.
Not only is this worrying when you consider data security, it also begs the question: who is liable? With new PCI Compliance laws making it compulsory for businesses to keep customer data safe, they could be liable, but it’s highly unlikely. The problems come when banks can only see a verified card payment while the customer is maintaining that it’s fraud. Very troubling.
A massive epidemic is sweeping the UK. Fraud is at an all-time high and according to new information, 44% of people have suffered from credit card fraud while a further 42% have had their identities stolen.
The majority of people who suffered credit card fraud have not managed to get their money back from banks and financial institutions, and the UK public is blaming retailers. New standards put into place by the Payment Card Industry Council mean that retailers have to have stringent security measures in place in order to protect customers’ card data and qualify for PCI Compliance. So if retailers are still losing the card details of people, they’re obviously not PCI Compliant yet!
A new survey published by PwC has revealed that the cost of cybercrime for UK businesses has reached a staggering £10 billion per year which negates the claims that cybercrime rates were falling.
The survey showed that 92% of large UK businesses questioned had experienced some kind of cybercrime, whether attacks or the leakage of personal data. The cost of cybercrime continues to rise for companies as attacks increase in frequency and bodies such as the Information Commissioner’s Office are granted the powers to fine companies up to £500,000 for data loss. On average, large UK businesses are now having to deal with around 45 cybercrime attacks each year. Two years ago, this figure was 15.