Archive for December, 2007

PCI Blog - Compliance Series: Part Seven

Thursday, December 27th, 2007

On the cusp of the new year, I’d like to welcome folks back from the holiday rush. Reading the news this morning, it seems as though everyone’s already feeling the weight of debt after maxing out their credit cards this season.

The consumer debt level in Canada has climbed from $197 billion to $340 billion in just 7 years, and it’s continuing to increase… [News1130]

Once I got past the news about how consumers are going to start the new year in the red, there was an abundance of “credit card fraud” titles listed in the headlines, from a man stealing his customers’ credit card data in Minnesota to members of an Iowa football team pleading guilty to credit card fraud charges.

Consumers have more to worry about aside from purchasing one too many gifts for loved ones, resulting in a beefy statement next month. PCI compliance standards don’t simply protect merchants from costly penalties and potential breaches; they also safeguard consumers, as after all, it’s their data.

Protecting data is everyone’s responsibility, from diligent consumers to merchants stepping up and becoming compliant with the PCI DSS. Once consumers place their information in merchants’ hands, the responsibility shifts, and it’s up to merchants to handle that sensitive data and avoid storing it.

According to a report from Visa issued on Oct. 24, 65 percent of the nation’s largest retailers are compliant with the PCI (Payment Card Industry) Data Security Standard. That number is an increase of 81 percent from December 2006 and 63 percent since July. But the statistic is hardly a cause for celebration—it means 35 percent of large retailers were still out of step with the requirements a month after the Sept. 30 deadline. The challenges of achieving compliance have given birth to countless numbers of tools from vendors looking to address security and auditing concerns posed by the standard. [eWeek]

Audits are costly, as are breaches (especially if you’ve been following TJX’s story). The cost of becoming compliant pales in comparison to the consequences and potential weaknesses companies can face.

This new year, allow E-xact (who is fully PCI compliant) to demo our safe and secure processing tools, from Virtual Point of Sale to Searching, Reports and various plugins. Not only do we have innovative do-not-store capabilities, we use the latest and sleekest technologies. Sign up for a free demo today, or contact us to find out how to start the new year in the right direction.

PCI Blog - Compliance Series: Part Six

Tuesday, December 11th, 2007

What merchants don’t know can hurt them.

According to the Payment Card Security blog, “78% of merchants don’t know… and institutions don’t care about PCI DSS“.

In the last PCI Blog post we featured a video outlining a personal story about credit card data security and the consequences. With deadlines looming as we look ahead to 2008, credit card companies are prepared to make sure that merchants know just exactly what the dangers are.

But here’s the question: can companies make the deadline in time?

Nearly a year after TJX Companies suffered what is believed to be the largest identity theft to have hit a retailer, credit card companies are laying down the law for any merchant who transacts business with plastic. By New Year’s Eve, all businesses that handle between 1 million and 6 million credit card transactions a year (primarily mid-market companies) must comply with the Payment Card Industry’s new Data Security Standard (PCI DSS). [CIO]

It can be done, and if encouragement, videos and blog posts aren’t enough, the truth is that Visa, Mastercard and other companies will begin imposing fines on companies that are not on the path to compliance. To speed up the process, here are a few things you can look for right away.

Top 5 Vulnerabilities Leading to Credit Card Data Breaches (from the Braintree Blog)

  1. Storage of prohibited data
  2. Poorly coded web facing applications resulting in SQL injection attacks
  3. Vendor default settings and passwords (i.e. unsecure wireless networks)
  4. Un-patched systems
  5. Unnecessary services on servers

E-xact can help with at least two of these vulnerabilities.

1. Using E-xact as a payment gateway eliminates merchants’ need to store any data on their systems. E-xact is a secure processor with which merchants can perform transactions and even do searches and reports with our Realtime Payment Manager (RPM), all while not having a single bit of the transactional data stored on their systems.

2. E-xact is fully PCI Compliant, which means when using our web application, RPM, your information and, more importantly, your customers’ cardholder information is securely processed.

For more information, please visit our solutions page, and be sure to read the PCI DSS guidelines. Those 12 steps could save you a lot of headaches, and certainly a lot of money. For some perspective, TJX just settled with Visa for $40.9 million. The cost of compliance is a bargain in comparison.
