Most people fail to realize that there are always a set of eyes watching our every move, and we need to look into protecting ourselves and our private information. So practicing common sense procedures like covering your PIN number when you enter it during a debit card transaction can help reduce skimming.

Skimming is the theft of credit card information used in an otherwise legitimate transaction and can happen to anyone. It is typically an “inside job” by a dishonest employee of a legitimate merchant. The most common scenarios for skimming occur in restaurants or bars where the skimmer has possession of the consumer’s credit card out of their immediate view.

Here are a few things to do to avoid getting “skimmed”:

• Be sure to make eye contact with your waiter or waitress as they take your credit card
• Pay attention to how they “run” your card through.
• Check your credit card statements closely each month.

While doing these things will not completely eliminate the risk of skimming or other credit card fraud, they will help.

After learning 600 cards were compromised in a large skimming ring in Canada, people who still have magnetic stripe debit or credit cards might be persuaded in switching to chip technology.  According to police in the U.S. and Canada, card-skimming operations are becoming more and more popular. Skimming occurs when a person places a card-reading device in an ATM and skims the person’s banking information, then uses the information to make counterfeit cards in association with lucrative operations for crime rings.

The experienced and industry knowledgeable representatives at myPCI have been promoting and providing greater security measurements since the beginning. Partnering with Control Scan, a leader in payment security, to offer custom developed online tools, making it easier to understand and become compliant.

One of the best procedures you can practice is to ensure that your business is safe by continually keeping your credit card processing system up to date.  An outdated POS system can cause more problems than just slow connections or issues with reliability.  An outdated system can expose your customer’s credit card information and even your own banking information to “prying eyes”.

The first step towards ensuring that your system is properly secure and up to date is to check with your merchant services provider and ask about your current POS systems and PCI compliance.

The breach can cost a business more than monetary damage. It can cause a business to lose its loyal customer base, a potential listing in MATCH, and the ability to accept credit cards forever.

Data security regulations will continue to evolve over time as organizations tasked with maintaining industry standards continue to include new technology and methods to further tighten regulations.  Working with the team at myPCI will help your business stay up-to-date on these changes and ensure that you remain as secure as possible.

The team at myPCI is fully dedicated to ensuring that all merchants and their equipment are PCI compliant and as secure as they can be.  By following the 12 requirements of PCI compliant, you will reduce the risk for your business, and also the risk of your customers.

Mack says Level 3 and Level 4 retailers are being targeted by cyberthieves looking to steal credit card data, and they require more education on PCI compliance as they constitute the largest retailer segment. The council’s plans for further education and a compliance push include a microsite for Level 3 and Level 4 merchants, which will be rolled out at the same time the final draft of the new PCI standard is issued at the end of October. Mack says merchants must place a priority on avoiding the failure to engage with their bank about PCI compliance.

Fully compliant organizations follow a number of best practices, including building security into business processes from the outset, keeping compliance and security aligned, incorporating PCI activities into daily business operations, and keeping data under close control.

From “PCI: Smaller Merchants Threatened”
BankInfoSecurity.com (10/19/10) McGlasson, Linda

Link to the full article on BankInfoSecurity’s site http://www.bankinfosecurity.com/articles.php?art_id=3019

These specific tools include vulnerability scanning, security policy builders, self-assessment questionnaires and security awareness training for employees. As part of our commitment to help alleviate much of the risk of data breach, we have implemented a new breach protection program, exclusive for our clients. For those who successfully complete the PCI compliance requirements that apply to them, myPCI will cover up to $25,000 in fines, fees and expenses related to a qualified PCI data breach, if one does occur. While this should not be viewed as a comprehensive data breach insurance policy, it can go a long way toward easing your mind about risks associated with data insecurity from both and operational and financial perspective.

Compliance with the Payment Card Industry (PCI) data security standard is a requirement for all merchants that process, store or transmit credit card data. These requirements apply to all payment channels, regardless of industry or business type, including traditional retailers, mail order, pay-by-phone, and e-commerce merchants too. The PCI standard has been endorsed by all major credit card brands by their respective data security programs.

Ensuring PCI compliance means adhering to a set of twelve basic requirements, which fall within the following categories:

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security

In addition to compliance requirements, businesses are also required to maintain proper certification, or validation, of compliance by demonstrating it. ControlScan, the partner of My PCI and its interactive PCI portal walks you through each step of the certification process. From selecting and completing a self-assessment questionnaire and conducting vulnerability scanning to preparing security policy documents, we can help through the entire process and make accepting credit cards that much easier.

In the past, a key differentiator between companies used to be whether a business accepted credit cards. But with the vast majority of commercial entities opting to obtain merchant services accounts today, a new standard has arisen: whether or not a given business’s credit card processing system is safe. If your customers are not comfortable with your business’s ability to keep their credit card data secure and out of the hands of criminals, they may turn to a competitor.

So how do you know that you are maintaining the integrity of your credit card processing network? The answer can be found in a new worldwide designation known as PCI compliance.

PCI stands for Payment Card Industry, and being PCI compliant means following the guidelines known as the Payment Card Industry Data Security Standards. These standards encompass all of the players involved in the process of authenticating credit card transactions, including cardholders, merchants, acquirers, processors and card associations. Because this network has so many moving parts, there are numerous places where valuable credit card data can be stolen or used in a fraudulent manner. That is why PCI compiled these standards: to help prevent such breaches of security and the fallout that can result.

Here are the key points of the PCI Compliance Security Program:

• Securing the collection and corruption-proof storage of cardholder data
• Organizing cardholder data so it can be easily analyzed
• Proving compliance by providing evidence on demand that the necessary controls are in place for data protection
• Maintaining auto-alert systems, which constantly monitor the usage of and access to the protected data
• Logging data and providing proof that it has been properly collected and stored

Today, regulatory standards in the U.S. require merchants to maintain PCI compliance. Because of the evolving technology that constantly reshapes the credit card industry, as well as the fact that data can be compromised years after a transaction has been completed, PCI compliance should not be viewed as a one-time attainable goal, but rather as an ongoing battle to preserve the compliant status of a business. This means implementing and repeating procedures like removing complete credit card numbers and expiration dates from printed receipts, accurately completing self-assessment questionnaires, and conducting regular (preferably quarterly) system vulnerability scans in an effort to identify potential weaknesses.

Since most small businesses are extremely cost conscious, the temptation to ignore PCI compliance and the expenses associated with it may be substantial. A business owner may fail to appreciate the importance of following formal guidelines to maintain credit card data security, and rationalize this viewpoint with the belief that a security breach won’t happen because his or her business is just a “small fish” in the American marketplace.

But here is the cold, hard truth: every business, no matter how large or small, is a potential target for criminals and fraudsters. In fact, many unsophisticated data thieves will shy away from large conglomerates in favor of what they perceive as the “low-hanging fruit” of the small or medium-sized business.

And for the thrifty business owner, here is more sobering news: the minimal expenses of maintaining PCI compliance pales in comparison to the costs that are associated with a single security breach. Here is a possible list of consequences that may accompany a breach:

• Compensation paid out for fraudulent purchases made with stolen information
• Chargebacks associated with illegal transactions
• Replacement of company cards that have been compromised
• Forensic investigation of compromised processing systems (which can cost between $10,000 and $20,000)
• Fines levied by card associations for not being PCI compliant (which can be as high as $500,000)
• Potential listing on the Terminated Merchant File MATCH list, which can hinder your ability to obtain merchant services accounts in the future
• Loss of trust, customer loyalty, and reputation among those in your target market

Setting up your company so that it is PCI compliant is not as difficult as it may sound. The Payment Card Industry offers suggestions on what steps to take and which processes to implement. Many third-party companies are happy to provide a turnkey solution for your PCI compliance needs. Such firms will handle all of your business’s security and guarantee a safe data environment in exchange for a flat fee. For those business owners who don’t prefer either extreme, a middle ground exists as well. Certain companies package web-based compliance tools and software, which make it easy for a business owner to analyze data, fix potential problems, and validate PCI compliance. These services can be purchased for a small annual fee.

In the 21^st century, PCI compliance is becoming one of the hallmarks of commerce safety and trust in the marketplace. So make sure that your business is PCI compliant – or your customers will find someone else who is.