Archive for the 'PCI PED' Category



27
Jan
10

Throwing Down The Gauntlet

I am having a bad day and just got done with a call with an acquiring bank and their PCI compliance coordinator.

What got me in a really foul mood was their demanding of my client that they take certain actions to better ensure the security of the acquiring bank’s transactions.  I do not know what it was, but their request just hit me wrong and I went on a rant.  However, after I was done, I started to think about it and said to myself, “Why not?”

My rant to this poor person revolved around why the card brands and acquiring banks do not expend their efforts to fix the credit card fraud problem instead of addressing the symptoms?  For the last ten years, the card brands have developed their various security programs that were merged together to form the various PCI compliance standards.  While these standards address the shortcomings of the existing processing environment, my impression is that the card brands are doing little, if nothing, to actually address the real problems.

How about we force the card brands to develop a truly secure credit card and related secure transaction processing?  Given the technology available today, one would think that with the right people involved, a secure credit card could be readily developed and at the same time, a secure transaction processing environment could be designed that does not allow the storage of cardholder data except at those points where it is required.  And at those points where cardholder data needs to be stored, these points are heavily secured, monitored and fortified against attack and the breaching of data.  Those projects alone would probably go so far as to reduce card fraud and breaches by 90% to 95%.

Yes, I know that such changes would not come quickly, but you might be surprised.  If a new, secure process and card was introduced and it provided the benefits that I think it likely would, a lot of merchants might actually have a reason to get on board and spend the money to fix the real problem.

So, how about it card brands and acquiring banks?  Are you up to the challenge?

23
Feb
09

New Scam Out There

Here’s a new twist on an old scam that may be affecting retailers.

The old scam was to get small business owners to purchase office supplies, copier paper, copier toner, etc. at inflated prices and pay exorbitant shipping costs. The scam was driven by unscrupulous distributors that had sales people do the old hard sell on a merchant’s support personnel who didn’t know any better.

The new scam involves an automated calling system that dials the retailer. The message delivered from this automated system is that the retailer’s credit card terminal is not PCI compliant and that the retailer needs to order new terminals to ensure that they meet legal requirements and remain PCI compliant. The automated system then asks the call’s recipient to press a key to order terminals.

At its best case, this may just be another take on the old office supplies scam and is being run by an unscrupulous credit card terminal dealer to jack up sales. In a worst case scenario, this may be an attempt by some form of organized crime to get doctored terminals into the retail stream so that they can collect credit card data for resale.

Either way, the word needs to get out that retailers are being targeted.




Announcements

If you are posting a comment, be patient, as the comments will not be published until they are approved.

If your organization has a PCI opportunity, is in need of assistance with a PCI issue or if you would like the PCI Guru to speak at your meeting, you can contact the PCI Guru at pciguru AT gmail DOT com.

I do allow vendors to post potential solutions in response to issues that I bring up in posts. However, the PCI Guru does not endorse any specific products, so "Caveat Emptor" - let the buyer beware. Also, if I feel that the response is too "sales-ee", I reserve the right to edit or not even authorize the response.

Calendar

October 2021
M T W T F S S
 123
45678910
11121314151617
18192021222324
25262728293031

Enter your email address to subscribe to the PCI Guru blog and receive notifications of new posts by email.

Join 2,422 other followers