Small merchants becoming large targets for hackers; PCI education needed

Patrick Turiano

July 29, 2011

We weren’t surprised to read another article in a national paper highlighting the need for continued security vigilance, even in small businesses. The tale it tells is of hackers now targeting smaller merchants rather than big corporations to gain access to consumers’ valuable credit card information. It clearly speaks to the need for PCI education at the merchant level: not just from the technology perspective, but also in terms of the best business practices needed to secure businesses from external attacks.

It shouldn’t come as a surprise that data thieves and hackers are now targeting smaller businesses rather than going after larger corporations. Larger corporations have the money and the resources to implement the latest technology and best practices to protect their systems from hackers. While technology and compliance aren’t 100 percent bulletproof, they do provide enough of a deterrent that hackers and thieves will look elsewhere for the path of least resistance.

The small merchants that we’re working with simply do not have the same infrastructure in place to safeguard their point-of-sale systems from outside intruders. While the PCI Council was created to draft and put in place standards for businesses to follow, the simple fact is that many merchants lack the ability, and the knowledge of the systems they use and of the changing standards, to remain compliant on a constant basis. We’ve been working with our customers and partners to help their small merchants understand the new standards, and to update these merchants on a regular basis when new standards are introduced.

As this article shows, PCI isn’t just a set of rules for the merchant to protect card data; it also outlines basic common-sense practices from an IT, business and personnel management perspective. See our webinar with Control Scan here. Most processors and ISOs have PCI-DSS certified solutions that could help merchants like City Newstand Inc.

In particular, the Merchant Warehouse MerchantWARE, Transport Platform and Security Platform help merchants manage the costs and complexities of PCI compliance by either keeping data ‘in the clear’ at the point of swipe or removing it entirely from their POS system. The technology is available today for merchants to use. Processors and their developers and resellers need to help their merchants understand why data security is worth an upfront investment and ongoing security vigilance.

Data thieves and hackers will always prey on the vulnerable.  We want all our merchants to become less vulnerable by understanding the benefits of PCI compliance and data security. An ounce of prevention is worth a pound of cure.