PCI Blog - Compliance Series: Part Six
Posted Tuesday, December 11th, 2007
Categories: PCI.
According to the Payment Card Security blog, “78% of merchants don’t know… and institutions don’t care about PCI DSS”.
In the last PCI Blog post we featured a video outlining a personal story about credit card data security and its consequences. With deadlines looming as we look ahead to 2008, the credit card companies are prepared to make sure that merchants know exactly what the dangers are.
But here’s the question: can companies make the deadline in time?
Nearly a year after TJX Companies suffered what is believed to be the largest identity theft to have hit a retailer, credit card companies are laying down the law for any merchant who transacts business with plastic. By New Year’s Eve, all businesses that handle between 1 million and 6 million credit card transactions a year (primarily mid-market companies) must comply with the Payment Card Industry’s new Data Security Standard (PCI DSS). [CIO]
It can be done, and if encouragement, videos and blog posts aren’t enough, the truth is that Visa, Mastercard and other companies will begin imposing fines on companies that are not on the path to compliance. To speed up the process, here are a few things you can look for right away.
Top 5 Vulnerabilities Leading to Credit Card Data Breaches (from the Braintree Blog)
1. Storage of prohibited data
2. Poorly coded web-facing applications resulting in SQL injection attacks
3. Vendor default settings and passwords (e.g. insecure wireless networks)
4. Unpatched systems
5. Unnecessary services on servers
E-xact can help with at least two of these vulnerabilities.
1. Using E-xact as a payment gateway eliminates merchants’ need to store any card data on their own systems. E-xact is a secure processor through which merchants can perform transactions, and even run searches and reports with our Realtime Payment Manager (RPM), without a single bit of the transactional data being stored on their systems.
2. E-xact is fully PCI compliant, which means that when you use our web application, RPM, your information and, more importantly, your customers’ cardholder data is processed securely.
For more information, please visit our solutions page, and be sure to read the PCI DSS guidelines. Those 12 steps could save you a lot of headaches, and certainly a lot of money. For some perspective, TJX just settled with Visa for $40.9 million. The cost of compliance is a bargain in comparison.
