As retailers and consumers learn details about the alleged theft of more than 130 million credit cards in what U.S. authorities are saying is the largest case of identity theft to date, credit card security expert Joseph Oleksak of Plante & Moran, PLLC has important security reminders for businesses that accept credit card payments.
Oleksak, who guided Plante & Moran through the process of becoming a Payment Card Industry (PCI) Security Standards Council Approved Scanning Vendor (ASV), says that businesses must balance credit card efficiency and speed in consumer transactions with the need to safeguard crucial identity information.
“To stay competitive in most industries, customer convenience is critical and the ability to swipe a credit card can make or break any deal,” said Oleksak. “For an organization to continue providing that convenience, however, they must comply with the PCI requirement to document their data security standards.”
Oleksak offers 5 key security tips for businesses that use credit cards:
- Regularly test the system and the security process, keeping up to date with system patches and antivirus software.
- Track and monitor all access to network resources and cardholder data and watch for irregularities such as multiple invalid login attempts, irregular time of day activity (including successful logins), or large amounts of traffic; all can be an indication of hacking.
- Don’t forget physical security & social engineering such as laptop users sitting in your parking lot, unescorted visitors in sensitive areas of the building, individuals sorting through company dumpsters, or requests for sensitive information via phone call or emails; these are common and overlooked attack vectors.
- Keep only the customer data you need and encrypt that data when at rest (i.e. customer data that is stored, as opposed to in transit).
- Ensure any third parties/vendors that house or have access to your customer data have implemented systematic controls to protect that data.
As an ASV, Plante & Moran helps organizations understand their PCI requirements and guides them through compliance. Plante & Moran provides clients with a PCI Executive Summary and a detailed report that summarizes the total vulnerabilities found, including the level of risk for each vulnerability, and gives an overall PCI compliance status with recommendations to eliminate any deficiencies. If an organization fails to comply with the PCI’s data security standards, major credit card companies like American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. can deny them access to their credit services.
“Credit cards are a leading gateway to identity theft and merchant organizations are responsible for securing the identification of their customers,” says Oleksak. “I anticipate more draconian measures will be taken for non-compliance in the future following this week’s massive identity theft announcement.”
Plante & Moran (www.plantemoran.com) is among the nation’s largest certified public accounting and business advisory firms, providing clients with tax, audit, risk management, financial, technology, business consulting, and wealth management services. Plante & Moran has a staff of more than 1,500 professionals in 21 offices throughout Michigan, Ohio, and Illinois, as well as Monterrey, Mexico; Mumbai, India; and Shanghai, China. Plante & Moran has been recognized by a number of organizations, including Fortune magazine, as one of the country’s best places to work.