In what should be a cautionary tale for any company that accepts credit cards, the Federal Trade Commission is suing a major hotel chain for failing to keep customer credit card information secure. Because the chain allegedly failed to keep credit card numbers safe, up to 500,000 card numbers were acquired by criminals in Eastern Europe. Most notably, credit card numbers continued to be lost over a period of years owing to issues that had not been fixed following the original intrusion. Other merchants may experience similar recurring issues if they do not ensure that their credit card processing setup is properly secured, especially in the aftermath of a breach or hacker attack.
While the average data breach creates negative publicity, lost sales, and severe inconvenience to your customer base, the biggest inconvenience does not normally come from the Federal Government. Instead, major card associations like MasterCard and Visa may require you to do a forensic audit of your entire credit card processing and POS setup, reimburse banks for card reissuing, and pay fines for allowing a data breach. Many news stories detail how ordinary business owners were driven to bankruptcy because they either had to foot the cost of a payment processing audit, or they lost permission to process credit cards. Credit card associations follow standards like PCI-DSS for data handling and information security, and these standards trickle down all the way to merchants, who may not realize their level of liability in the event of card number theft.
Merchants can be held responsible for stolen data that is kept by outdated software, insecure POS systems, older credit card terminals, and careless employees. PCI-DSS audits are supposed to be performed at the business level on an annual basis, and include everything from terminal security to Wi-Fi network access and employee access to cardholder information. Many processing companies will charge additional fees to merchants who are not fully compliant with these regulations, but the fees related to the loss of data can be significantly worse.
Capital Processing Network offers a number of solutions to prevent data breaches. The first line of defense involves up-to-date terminals, which should not be storing credit card information. We recommend secure, name-brand equipment that is easy to use, compliant with PCI-DSS, and designed for periodic security upgrades. Second, services like TransArmor credit card tokenization are available, which encrypt card numbers and replace them with a “token” that can be used by your business but is all but useless to data thieves. Third, we work to keep our customers current with PCI-DSS compliance regulations as well as new initiatives like EMV and smart card requirements that are being rolled out by major credit card associations. Finally, Capital Processing Network terminals feature an Equipment For Life program that will replace machines that become obsolete or break. Aside from preventing data breaches and the potential of FTC action, Capital Processing Network will also save you money on card processing and give you peace of mind.