The biggest news in the credit processing world this early spring is the unwelcome kind: Reports of a security breach at Atlanta-based Global Payments, a large processor of Visa and Mastercard payments.
While the security risk appears to be limited to a total of 1.5 million cards, and involves only Track 2-type data (the type of data appearing on a magnetic strip which could allow duplicate cards to be made, but generally precludes any kind of identity theft) , the fallout is more widespread.
Visa dropped Global Payments from its list of processors meeting PCI (Payment Card Industry) compliance standards (which Global is currently trying to re-obtain). Consumers may also be viewing the data breach as more severe than it actually is.
For example, in British Columbia, according to CTV, Vancouver police “say residents are already receiving calls from people posing as security employees with MasterCard or Visa, who tell them they have fraudulent charges on their card and ask for the security code on the back of the card. Police are warning not to give out that number.”
The climate of fear, then, can often lead to expanded data and security breaches, and more.
Merchants however, can reassure customers, when and where appropriate, their data is still safe, whether online or in-store. Sometimes events like this can be good occasions to proactively reach out to consumers, through website updates, emails, etc., reminding them of basic card-use security procedures, simultaneously reminding them that doing business with your company is still safe. Additional steps include advising cardholders to:
* Check their bank account if they have used their debit card with pin in a retail establishment or as a cc in other purchases.
* Check for unfamiliar transactions daily, including their online credit card statements, to see if there are any unfamiliar transactions.
*Avoid emails that guide you to websites asking for personal data or unsolicited calls from people asking for your Credit Card information
*Look for suspicious “extra” equipment on gas pumps, ATMs, etc., and let customers know about “skimmers.”
And while AVP Solutions was, of course, unaffected by this news, their in-house experts have additional tips for businesses, too: Make sure you’re using the most recent, PCI-compliant point of sale terminal, and for companies doing business via e-commerce, be sure your sites have an SSL certificate, using a PCI-compliant gateway. Indeed, merchants are required to complete a PCI questionnaire during the approval process with most banks. Based on the form, banks then determine if the merchant needs additional security for their websites.
And of course, always make sure you know your employees!
Feel free to contact your AVP Solutions rep at at 1-800-719-9198 if you have any questions.