MEMBER ALERT: Non-Compliant POS Systems Vulnerable to Identity Theft
This Can Result in Significant Liability to Your Business! Costs
to investigate and rectify can start at $10,000 and go higher!
Laws and regulations regarding processing credit cards are continually
being tightened to protect consumers from identity theft.
Several years ago, WRA informed all members that beginning August 1, 2005,
a change in the law required all businesses accepting credit or debit cards
to truncate (remove) all but the last 5 numbers of any card transaction
as well as truncate the entire expiration date from all receipts issued
back to the customer.
In addition to the law, the “Payment Card Industry (PCI) Data
Security Standards” was created as a result of collaboration
between VISA and MasterCard to establish common industry security requirements. Other
card companies have also endorsed the standard within their own respective
programs. This standard has been in place since June, 2001.
WRA was recently alerted by a fraud investigator of a third party credit
card processor that several systems used by Wisconsin restaurant operators
had been “hacked” into (security breach) – subsequently
resulting in identity theft to consumers. The vulnerable systems
were identified as old versions of POS Systems that were never updated
to comply with the new laws and standards, thus being non-compliant.
Any business using a non-compliant POS system is subject to substantial
cost and fines if a security breach occurs. These costs typically start at
$10,000 - not including fines, and go higher. Even if a security
breach has not yet occurred, the business is subject to higher credit
card processing fees because the system is not compliant.
PLEASE CONTACT THE LOCAL DISTRIBUTOR OF YOUR POS SYSTEM TO DETERMINE
IF YOURS IS COMPLIANT – OR WHAT YOU NEED TO DO TO BECOME COMPLIANT.
In the meantime – here is a list of action items you can do TODAY
to help protect your current system if it’s not compliant (per
the Retail Solutions Providers Association):
- Make sure your POS has a firewall if it has internet connectivity
- Make sure software patches are up to date
- Antivirus software must be in place and up to date
- Change passwords on a regular basis. If you don’t need one
  to get on your system – create one and USE it!
- Turn off remote access when it isn’t needed
- Contact your POS provider to see exactly what you are storing on
  your system. Remember – if you don’t need it, don’t store it!
These steps are presented as interim actions only, until you can invest
in a Payment Card Industry (PCI) compliant POS system or upgrade.
Please view the following video put together by the Retail Solutions
Providers Association.
This 12-minute video gives you a candid look at facts surrounding Payment
Card Industry (PCI) Compliance and provides a sense of how costly credit card
compromises can be – and how they are affecting the restaurant and retail
industry and, ultimately, our economy. It also highlights a restaurant
owner’s personal experience dealing with a security breach and the current
accumulated cost to her business.