Posts Tagged ‘data breach victim’

When There’s Blood in the Water…

Wednesday, March 24th, 2010

You know they’re out there – predatory hackers working to breach your payment system and release a flood of card numbers to who-knows-where. The bottom line is that every time you process, transmit or store cardholder data, you are putting your company – and your job – at risk. These risks, if exploited by you-know-who, can have a disastrous effect on your business, your employees and your customers.

  • Taking credit cards as a payment method is not optional – it’s just a part of business. And there are huge liabilities that come with that – the Privacy Rights Clearinghouse maintains an up-to-date rundown of data breaches.
  • In a typical credit card transaction, cardholder data is passed multiple times, heightening the risk of theft.
  • Storing cardholder data is extremely risky – and very unnecessary, yet it happens more often than not. In fact, since 2003, the number of online credit card fraud cases has increased from 2.3 to 3.2 billion – a 30 percent spike.

EPX Protects Payment Data During the Transaction Lifecycle, But Consumers Must Safeguard their Credit Cards and Debit Cards at All Times

Tuesday, January 12th, 2010

Electronic Payment Exchange’s industry-leading tokenization and encryption technologies protect payment data throughout the transaction lifecycle. Independent of EPX, however, identity theft occurs constantly as a result of insecure consumer practices before any card data enters the transaction lifecycle. Therefore, it is important for credit and debit card users to practice high levels of safety when performing transactions.

Below is a list of important safety tips for credit and debit card users to follow:

  • If you have applied for a new/replacement card, and have not received it within 14 business days, immediately contact your financial institution.
  • Activate your new/replacement card once you receive it in the mail. Be sure to remove the sticker from the card once activated.
  • Sign the back of the credit/debit card as soon as you receive it.
  • Memorize your Personal Identification Number (PIN). Never write the PIN on the back of the debit card, or on a piece of paper and keep it in your wallet.
  • Never share your PIN with anyone. No one from a financial institution, police, or any merchants should ask for your PIN.
  • Never lend your credit/debit card to anyone. No one else should have access to it.
  • Protect your credit/debit card as if it were cash! Never let your card out of your sight.
  • Do not leave your credit/debit card in your vehicle.
  • Report lost or stolen credit/debit cards immediately! During business hours, contact your local bank branch. Once you have received your new card, notify all merchants with whom you have set up automatic billing payments of the new card number.
  • Be aware of others nearby when entering your PIN. Shield the screen or keyboard of the POS terminal or ATM machine to prevent those nearby from viewing your PIN entry or transaction amount.
  • Do not volunteer any personal information when using your credit/debit card.
  • Do not give your social security number, credit/debit card number, or any bank account information over the phone unless you have initiated the call, and you know that the business you are dealing with is reputable.
  • Before leaving the cashier, make sure you receive your credit/debit card back after every purchase.
  • Be careful with any receipts; do not leave them behind.
  • Always check your sales receipt for the correct purchase amount prior to signing. Keep copies of your sales and ATM receipts for future reference.
  • Verify the purchase amount on each receipt with the transaction amounts on the bank statements.
  • If you do not receive your monthly statement within a timely manner, contact your financial institution.
  • Contact your local financial institution for any changes made to your address or phone number. Keep your contact information current at all times so that your bank can contact you when necessary.
  • Shred all credit/debit card receipts or confidential information prior to placing it in the trash.
  • If you receive credit card applications in the mail, shred them before placing them in the trash. This prevents anyone from filling out the application in your name and receiving the card. If you choose to fill out an application, make sure the application is from a reputable financial institution.
  • Shred all expired credit/debit cards before placing them in the trash. Some paper shredders are capable of shredding the cards, or use a pair of scissors to cut the cards up into small pieces.
  • Keep track of every credit/debit card owned. Keep a confidential list of issuer telephone numbers in a secure location.
  • Avoid carrying extra credit/debit cards in your wallet or purse. Carry only the cards that you use frequently.
  • Never send payment information via email. Go directly to the web site and log into your account.
  • When making a purchase online, make sure you are using a secured browser. All reputable merchant web sites use an encryption technology that protects your personal data from being compromised by others while conducting online transactions.
  • Never provide your credit/debit card as proof of age. A credit/debit card does not contain information that verifies the card holder’s age. Some merchants may request the card number; show them your driver’s license instead.
  • Avoid using your PIN when using your debit card to make a purchase. It is best to just run the debit card like a credit card.
  • Be aware of emails that request personal data such as PINs, Social Security Number (SSN), personal passwords, mailing address, or phone numbers, and of emails that send you to a web site that requests such information. The best thing to do is to delete the email.
  • Be aware of solicitors posing as representatives from a credit card or financial institution, calling to tell you that there has been some fraudulent activity on your account and requesting your account number, PIN number, social security number or the three digit code located on the back of your card. If a financial institution contacts you due to suspicious activity, they would never ask for personal information to verify your transaction. The best thing to do is hang up and contact your bank to verify the status of your account.
  • When using an ATM machine, observe the surrounding area. If the machine is obstructed from view, or poorly lit, locate another ATM machine to perform your transaction. Report the condition to the financial institution responsible for that ATM machine.
  • Prior to using an ATM machine, be sure to inspect the card reader area for evidence of tampering. If there is evidence of tampering, contact the owner of the ATM to report the problem.
  • When using a drive-through ATM machine, make sure that all passenger windows are closed, and the doors are locked. This will prevent anyone from accessing your card while performing a transaction.
  • If using an indoor ATM machine that requires you to use a card to gain access, do not allow any unknown individuals in with you.

If credit and debit card users would perform at least half of these suggested security tips, the number of identity thefts and fraudulent transactions happening each day would be reduced.


Data Breach – Will it ever stop?

Monday, November 30th, 2009

Data Breach – Will it ever stop? Probably not, but we are making strides in the right direction.

A recent article published on Forbes.com (“The Year Of The Mega Data Breach” by Andy Greenberg), points out that although the number of data breaches dropped by 50% in 2009, the actual number of records breached has increased by 185 million. While most of the records were lost as a result of a large credit card processing firm’s breach, nearly 80 million more records were breached as a result of an unprotected hard drive being sent by a company to a third-party organization for repair.

While evidence shows that there is an increase in the use of tokenization, encryption, and other data loss prevention technology by organizations that process sensitive data, secure technology is not in use in high numbers. Human actions cannot be controlled in the same manner as technology, so when people choose to bypass technology, corruption and data breach are within reach.

With the constant threat of data breach, Electronic Payment Exchange is always researching and developing new ways to protect personal data from being accessed by unauthorized individuals. EPX is the first payment processor to offer a true end-to-end solution that endorses and incorporates both tokenization and encryption for securing cardholder data from the card reader through the entire transaction lifecycle. Using encrypted card readers with EPX’s BuyerWall™ credit card data tokenization technology, EPX has virtually removed merchants’ point-of-sale systems and card readers from the scope of PCI compliance and has substantially eliminated merchant liability associated with the risk of processing, transmitting, and storing sensitive cardholder data.

Welcome Data Breach Legislation in the Works

Tuesday, November 10th, 2009

In an upcoming article for a major trade magazine related to payment security, EPX COO and Chief Security Officer Matt Ornce makes some predictions about increased legislation for the payment card industry in 2010.

Ornce asks if 2010 is the year for state level breach notification laws to be aggregated into federal law. He says that there could be some welcome legislation for those organizations that unfortunately need to struggle with the 46 different state laws. Such legislation could also help streamline the time-sensitive notification process for breached entities. Beyond the financial fraud perpetrated for personal gain, the use of breached cardholder data as a funding source for terrorist activities has been clearly established by the Criminal Division of the Department of Justice, the FBI, the U.S. Secret Service and others, providing a clear impetus for federal regulation of cardholder data security.

It seems that Ornce’s prognostications are coming true.

Recently, the U.S. Senate Judiciary Committee approved two bills (the Personal Data Privacy and Security Act and the Data Breach Notification Act) that require organizations who suffer data breaches to report them to potential victims.

The Data Breach Notification Act would require U.S. agencies and businesses involved in interstate commerce to report data breaches to victims whose personal information “has been, or is reasonably believed to have been, accessed, or acquired.” The bill also requires businesses to report large data breaches to the U.S. Secret Service.

The Personal Data Privacy and Security Act would also require that breached organizations give notice to potential victims and authorities. The Act would increase penalties for data theft and provide people the ability to access and correct personal data held by commercial data brokers.

While it doesn’t eliminate the state laws, it’s the first step solidly in the direction of replacing those laws with a federal standard.