Did you know that your unexpired credit card is worth as little as $0.06 and as much as $1000 on the black market? Cyber security experts explain that the “street value” of a stolen credit card number can vary widely depending on the status of the account, credit limit available, expiration date, and whether there is a physical-issued card to be sold as well. In bulk, untested credit card numbers can cost as little as $600 for a set of 10,000 while some “high-limit” card accounts are sold for $300-$1000. It’s no wonder that credit card theft is on the rise with merchants and processors being the prime targets.
Global Payment Systems, an international payment systems processor, just reported a data breach that put over 1.5 million card holder accounts at risk. Cyber security experts estimate that, while this intrusion was the largest in almost 2 years, over 3.4 million credit card numbers were stolen in the last 12 months alone. Visa, MasterCard, and other issuers in the credit card industry have worked to establish a set of rules for both merchants (consumer-facing businesses) and credit processors like Global Payments. These Payment Card Industry (PCI) rules have been in place for over 5 years but their content and their application have been evolving and becoming more complex. The latest PCI version 2.0 standards are even stricter and apply to smaller businesses than ever before.
In order to meet these new rules or guidelines, smaller businesses have to implement new payment devices, update their network infrastructure, and provide evidence that they are protecting customers’ credit card data. It’s important to understand that this data is valuable both to cyber criminals outside your company or small business and possibly to malicious insiders and disgruntled employees. It is critical to implement third-party IT security assessments and to periodically test your company’s internal and external (internet) security defenses. Here are a few key actions that your company and/or small business can take to protect your customers’ data and payment information:
- Establish regular communication with your credit card processor – Your credit card processor should publish regular security updates and provide key actions necessary to ensure that your business complies with the latest PCI guidelines/standards.
- Schedule regular vulnerability assessments of your internal Information Technology (IT) – This would include a review of IT security risks, cyber threats, anti-virus, IDS/IPS, and firewall protection.
- Educate your business leaders and employees on cyber security – Obtain training and establish security policies that will implement a culture of cyber security awareness. Where applicable, your IT Security resources should be trained to identify and prevent cyber intrusions and advanced persistent threats from both internal and external sources.
Superior Solutions has both the tools and the expertise to help you secure and enhance the integrity of your information technology resources. Whether you are in need of a security assessment, PCI audit, or user security training, we can help. Contact us today and we’ll work with you to implement the right security network service plan for your business.