PCI Security Standards – Why Compliance Is In Your Best Interest

Why Comply with PCI Security Standards?

PCI Security StandardsWhy should you, as a merchant, comply with the PCI Security Standards? At first glance, especially if you are a smaller organization, it may seem like a lot of effort, and confusing to boot. But not only is compliance becoming increasingly important, it may not be the headache you expected.

Compliance with PCI Security Standards can bring major benefits to businesses of all sizes, while failure to comply can have serious and long-term negative consequences. Here are some reasons why.

  • Compliance with the PCI DSS means that your systems are secure, and customers can trust you with their sensitive payment card information:
    • Trust means your customers have confidence in doing business with you
    • Confident customers are more likely to be repeat customers, and to recommend you to others
  • Compliance improves your reputation with acquirers and payment brands — the partners you need in order to do business
  • Compliance is an ongoing process, not a one-time event. It helps prevent security breaches and theft of payment card data, not just today, but in the future:
    • As data compromise becomes ever more sophisticated, it becomes ever more difficult for an individual merchant to stay ahead of the threats
    • The PCI Security Standards Council is constantly working to monitor threats and improve the industry’s means of dealing with them, through enhancements to PCI Security Standards and by the training of security professionals
    • When you stay compliant, you are part of the solution – a united, global response to fighting payment card data compromise
  • Compliance has indirect benefits as well:
    • Through your efforts to comply with PCI Security Standards, you’ll likely be better prepared to comply with other regulations as they come along, such as HIPAA, SOX, etc.
    • You’ll have a basis for a corporate security strategy
    • You will likely identify ways to improve the efficiency of your IT infrastructure
  • But if you are not compliant, it could be disastrous:
    • Compromised data negatively affects consumers, merchants, and financial institutions
    • Just one incident can severely damage your reputation and your ability to conduct business effectively, far into the future
    • Account data breaches can lead to catastrophic loss of sales, relationships and standing in your community, and depressed share price if yours is a public company
    • Possible negative consequences also include:
      • Lawsuits
      • Insurance claims
      • Cancelled accounts
      • Payment card issuer fines
      • Government fines

You’ve worked hard to build your business – make sure you secure your success by securing your customers’ payment card data. Your customers depend on you to keep their information safe – repay their trust with compliance to the PCI Security Standards.

Article Provided by, PCI Security Standards Council

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com

If you liked this article, you may want to read this:

Cloud SolutionsChoosing Your Business’s Best Cloud Solutions

PCI

Master PCI Data Security

PCI Compliance, PCI Security

Gary Kielich, owner of Systems Technology Group, says PCI / data security, software customization, and zero fear of complexity are keys to POS sales success.

Even today, as high-profile retail data security breaches dominate the airwaves and merchants of all sizes lose sleep over PCI and EMV requirements, many of the VARs Business Solutions speaks with are all too lax about — and in many cases, ignorant of — the business opportunities spawned by the payment security environment. That’s not STG.

In his direct, yet polite, manner, Kielich puts it plainly. “PCI has confused the hell out of the market and resellers alike,” he says. While that confusion has caused some to punt security concerns to their processing partners or simply avoid addressing them, STG took a wholly different approach. Five years ago, a contract opportunity opened the VAR’s eyes to the market’s need for payment security leadership. “We had an opportunity to install a 25-store system for a public sector account. The contract terms were draconian enough to send most solutions providers running,” he explains. At issue was payment security. The contract required the solutions provider to bring in a QSA (qualified security assessor) to document that STG’s system wasn’t storing or transferring any payment data. The requirement was telling, and Kielich had the foresight to know it was a sign of the times. “Instead of shying away, we wrapped our arms around it,” he says. “We started engaging with QSAs and absorbing everything we could. Then we wrote a software interface to a payment gateway to tokenize CHD (card holder data) between our application and the processor. We took on encryption. The more we learned, the better we got at proving the security of our solution.”

In the years since that project, payment security has become a leading POS systems sales driver. The fact that STG has been offering baked-in tokenization for the past five years and point-to-point encryption for the past two has brought a lot of business its way. “To merchants, payment security didn’t matter ten years ago. It started to matter a little five years ago. It matters a lot now,” says Kielich. “A lot of people are hung up on trying to secure data. You can’t do that, because the bad guys will get to it. You have to build a model where there is no data.” Because STG took that on early, it’s paying the company dividends today.

Today, when a customer approaches STG with payment security concerns, Kielich says his sales team is ready to pounce. “We go into those conversations with confidence because we’re experts. When prospects don’t lead with security, we make a point to bring it up early in the conversation because it’s important and because we’re experts.” PCI, he says, has caused a lot of pain and confusion, but STG has an obligation to understand it and attack it. “We’ve claimed it as an opportunity, not an obstacle. If you don’t understand security, you shouldn’t be in this business, period.”

Now, STG is keeping a close watch on the future of payments, notably mobile. In the current landscape, overpopulated as it is with digital wallet providers, Kielich admits that his crystal ball has yet to inform him what the end-all-be-all mobile payment solution will look like. But, he says the key for solutions providers is to align with vendors that have open systems. “No one knows who will win, but we do know that proprietary will lose. You need to partner with vendors who are open to all of them and to those that can commit the people, technology, and dollars to accommodate all of them, so that the merchant has choice.” And, above all else, of course, security.

Customize And Replicate

Another important driver of STG’s success is its willingness to modify off-the-shelf software to meet specific client needs. Kielich provides a hometown example to illustrate. Buffalo is home to Minor League Baseball’s Buffalo Bisons, who play home games in 18,000+ seat Coca-Cola Field. When Buffalo’s Rich Products — which owns both the Bisons and the Northwest Arkansas Naturals — sought a POS upgrade for the multiple concession areas at Coca-Cola Field and the Naturals’ 6,500-seat Arvest Ballpark, it turned to STG. “We installed Aloha there, but its off-the-shelf functions weren’t enough for stadium environments. The solution had to manage distinct sets of inventory among various concession stands,” explains Kielich. “We wrote an application called Stand Sheet Manager as a requirement of the contract, and that capability landed us the 145-terminal sale.”

Kielich says the decision to seize control of STG’s destiny by hiring in-house software developers helps the company distinguish itself from those married to off-the-shelf solutions, but he offers advice to those willing to follow suit. “Early on, we had some talented and technically proficient employees, and they were able to develop software extensions at a basic level by modifying SQL tables or writing a little C++,” he says. “We began with those simple enhancements, but as we monetized it, we hired additional programmers.”

Monetizing that development work is imperative, and Kielich says it requires discipline. “We’re very diligent about writing a thorough scope of work for each client engagement, which outlines in detail what they want, and which is priced in accordance with our development efforts,” he says. That careful management has afforded STG the current luxury of employing three full-time C# developers.

The other beauty of STG’s custom development work is that often it can be replicated to the tune of more and bigger business opportunities. “Through these custom engagements, our developers have built a library of enhancements that are maintained, enhanced, and available for sale to the greater market,” he says. “They can be sold over and over again.” Five years ago, STG wrote a reporting application for a liquor store customer called the STG Buyer’s Tool. It was designed to help the merchant analyze what inventory was moving and what wasn’t, enabling better buying decisions. “It’s a tool that makes those merchants more efficient and more profitable. We continue to sell and enhance that application, and it’s allowed us to win several other accounts in the liquor and packaged retail goods industries,” says Kielich. In fact, STG has made the application available to other resellers, too.


“To merchants, payment security didn’t matter ten years ago. It started to matter a little five years ago. It matters a lot now.”

Gary Kielich, Owner, Systems Technology Group

 

In 2013, another custom development project brought some high-profile exposure to STG. Fellow Buffalo business Delaware North Companies outfitted Busch Stadium with 1,800 food service associates to work the World Series that year, many of whom were armed with Honeywell mobile POS units loaded with a solution delivered by STG. “That installation helped us make great strides into extending our experience to the mobile space. We’ve grown the stadium and arena segment of our business significantly, with installations in venues that host many professional teams around the country.”

By tiptoeing into software development, getting paid for customizations up front, and making the fruits of its development efforts available for sale to the greater market, STG has strengthened its foothold in some of the key segments it serves.

Embrace Complexity

Kielich says everyone at STG recognizes that the retail systems landscape has never been more complex than it is today, and he says everyone there embraces that fact. “We’ve committed to being specialists, and that means understanding every piece of the retail ecosystem,” he says. For example, while many VARs shy away from the merchant demand for omni-channel transaction complexity and opt instead to stay chained to traditional brick-and-mortar transaction enablement, STG relishes the opportunity to engage merchants’ omni-channel challenges. “You can’t do omni-channel on ten-year-old legacy applications without a lot of burdensome integration, because they weren’t designed for that,” he says. To capitalize on omni-channel demand, he says you have to offer a software package that accommodates transaction complexity, such as buy online, pick up in store and buy online, and return to store, as well as one that enables multistore and DC inventory visibility.

“VARs have to be willing to trace this demand back to its origin, which isn’t the merchant, it’s the consumer,” says Kielich. “Understanding and accommodating the demands of modern consumers is a very complex business. They expect to purchase anywhere, pay anywhere, and have merchandise fulfilled anywhere. They want access to loyalty programs, inventory, and transaction history. The retailer wants accurate and timely information on their consumers. All those demands equate to solutions opportunities for those of us willing to take on the complexity,” he says. For its part, STG resells LS Retail, which Kielich says offers virtually all of the omni-channel functionality his customers demand.

Beyond the complexity of modern customer-facing solutions such as omni-channel, Kielich says the VAR business itself has become significantly more complex since he launched STG. He points to the shift toward SaaS as an example. “We’ve been selling Aloha for 20 years now, and we’re fortunate in that Aloha started moving toward SaaS fifteen years ago with its above-store reporting engine,” he says. “That was followed by gift cards and loyalty, then online ordering, and now 15 different applications, including POS, are delivered in the SaaS model.” As such, STG has been charging monthly fees for services since long before it was cool. Today, some 30 percent to 35 percent of its customers’ transactions are conducted via SaaS applications.

Kielich equates the complexity of the current retail technology climate with opportunity. “This is a really exciting time for our business because of all the change, and I’m grateful for it. Complexity, and the ability to specialize in solving complex challenges, protects us from commoditization and the pricing and margin erosion that comes with it,” he says. His advice to you, his fellow channel pros, is to embrace complexity and become expert specialists. “No one asks for the cheapest brain surgeon.” Likewise, he says, when merchants face complexity, they seek the best, and they’re willing to pay for it.

Article Provided By: Business Solutions

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com

If you liked this article, you may want to read this:

Security vs Money

Electronic Locks

Electronic Locks for All Market Niches

Electronic Locks-Businessman with arms raised

 

 

 

 

 

In 2014, providers of locking and identity systems generally found the security landscape to be less chaotic and more receptive than in recent time. The year was led, interestingly enough, by stocks that performed strongly at opposite ends of the technology spectrum.

ASSA ABLOY (OM: ASSA B) saw demand recover from previous quarters, mainly in the United States, but recently also in its biggest market, Europe, where the debt crisis weighed on demand for years. ASSA ABLOY’s stock has been on a growth spurt for almost three years. Part of that is due to scarcity value in Europe for companies that are exceeding expectations.

Several factors at the commercial/industrial enterprise level, among other larger verticals, are driving demand — not least of which is an uptick in capital expenditures. But the locking sector’s more rosy performance in 2014 can also be attributed in part to the networked-based technology evolution hitting the residential space, as well as the commercial monitoring arena.

Clearly, these are not your father’s locks. There has been impressive growth in the amount of electronic interoperable locks that will eventually be commonplace on doors. These devices, for example, can be controlled from a central location in the wake of shootings at institutions and similar scenarios.

The number of companies that can design, manufacture and market electronic locks really well is small compared to the wider pool of lock companies. Among the firms solidifying a presence in the electronic and wireless lock market are privately held SaltoSystems, Kaba (FRA: KABN), Stanley Black & Decker(NYSE: SWK) and others.

In terms of wireless digital lock manufacturers, analysts are bullish on the long-term prospects for companies such as Allegion (NYSE: ALLE), which is the second-largest provider of locks and access control systems in the world. The company is targeting 4%-5% top-line growth and 10%-12% bottom-line growth. Its U.S. sales, which accounted for 62% of FY14E revenues, appear to be picking up with increasing backlogs in institutional, education and health-care markets.

Previously moribund through the recessionary years, these verticals are now forecast to accelerate into 2016. As an example of how far locks have progressed, Allegion markets a Schlage-branded electronic device that can provide audit trails for cost-sensitive school systems to migrate from nonelectronic to electronic locking systems. Allegion’s “Engage” wireless technology provides an easy path to those small- to medium-size businesses (SMB) trying to find a cost-effective and uncomplicated way of moving to electronic locks, replacing a $300-$4,500 lock at significantly lower price points.

The use of Near-Field Communication (NFC) and Bluetooth are also projected to surge in the next three to four years. These keyless technologies, along with biometrics, are finally catching up with marketing hyperbole and allowing access control to be much more easily used by both the end user and monitored by the corporate security department and other stakeholders.

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com .
Article provided by Security Sales & Integration

 

PCI Compliance

Here is a blog every online business should take a moment to read.(PCI Compliance)

2015 will be a defining year for data security

President Obama’s State of the Union address this week launched a new emphasis on an ever-present threat in our daily lives – cyberattacks, kicking off what will be a defining year for cybersecurity protection, and for us at the PCI Security Standards Council, pivotal in improving the protection of consumers’ payment information globally.

Public-private collaboration and information sharing, education and awareness and leveraging the most secure technology as emphasized by the president are critical to protect customers against the type of massive breaches we saw in 2014.  As the standard setting organization for payment security, we are leading the charge to provide the standards and resources to help businesses secure this information.

Too many CEO’s are learning this lesson the hard way.  For American corporate executives moving forward, data security is job security.  Companies that fail to make data protection an everyday priority run the risk of losing money, losing business and destroying their reputations.

The good news is we know what works and what doesn’t.  In recent years, we at PCI have not seen any data breaches that weren’t predictable.  On the contrary, problems arise from a failure to maintain key security controls and a lack of vigilance.  Simply put, most data security breaches involving credit card data are not sophisticated attacks at all, nor are they new tactics.  Far too many of the recent major breaches we have seen in the United States were entirely preventable.

Something as simple as a password can cause problems. A recent study by Trustwave reported that the most popular numeric password used by the American business community is 123456.  The word ‘password’ remains one of the most commonly used passwords.  It wouldn’t take a very sophisticated hacker to crack that code

Fortunately, data security is now becoming a top level issue, from the White House to Congress to corporate suites across America. President Obama’s speech this week will further drive the national conversation

Many companies need to change the way they view security issues. Passing a PCI Standards assessment is a first step, but properly following security standards 24/7 is required to prevent data breaches. Not all companies do that, thinking instead that once they check the box of passing a data security assessment their work is over. This kind of thinking is a major problem.  Data security cannot just be a “box you check” once or twice a year.  It has to be an all-day, everyday priority.  Protecting data is no longer a simple task that companies can just leave to the IT Department.

EMV Chip Technology

In 2015 America will take a major step by implementing EMV chip technology for consumers.  This is a critical step forward and will provide better data protection by adding a new additional layer of security.  EMV chip technology, which is already in use throughout much of the advanced world, provides consumers with strong security features. It helps businesses lock down their point of sale and provides protection against fraudulent transactions in face-to-face shopping environments.  However, while EMV chip technology is an additional layer in data security protection, it doesn’t solve every problem.  We should not be fooled into believing it is the magical technology that eliminates data security threats.  It isn’t.

EMV chip technology will not prevent fraud when a card is used online or in mail and telephone order purchases.  EMV technology also would not prevent breaches that involve targeted malware.

No one single technology is the answer. As we look towards the White House Cyber Security Summit at Stanford University next month, it is important for American businesses to prioritize strong security principles by maintaining a multi-layer security approach that involves people, process and technology working together to protect consumers.

It’s time for a change in the mindset about data security. Vigilance must be an everyday priority.

If you would like liquidvideotechnologies.com to discuss developing your logo, web site, web application, need custom programming, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at dwerne@mojoe.net

Article Provided by The Hill

Zaxby’s Data Breach – PCI Compliant

ATHENS, Ga. — Zaxby’s Franchising Inc. says a computer data breach has occurred at a number of its stores, including more than 40 in Georgia, and that malware files could have been used to export guest names and credit and debit card numbers.

The Athens, Ga.-based restaurant chain said in a press release on its website that credit card processing companies identified certain Zaxby’s locations as common points of purchase for some fraudulent credit card activity.

RELATED | Zaxby’s named 5th largest ‘fast casual’ chain in U.S.

Affected locations include Zaxby’s restaurants in Alpharetta, Atlanta, Braselton, Bremen, Buford, Canton, Conyers, Dacula, Dalton, Dawsonville, Fairburn, Fayetteville, Kennesaw, Lithia Springs, Lithonia, Marietta, Milton, Norcross, Powder Springs, Roswell, Tucker and Villa Rica.

See a complete list of affected stores.

The press release says, “Zaxby’s Franchising, Inc. assisted those stores in reviewing the issue, and during the course of the investigation identified some suspicious malware files on the licensees’ computer systems at several Zaxby’s locations. Because those malware files could have been used to export guest names and credit and debit card numbers, Zaxby’s Franchising, Inc. informed appropriate law enforcement authorities of the potential criminal activity. Zaxby’s Franchising, Inc. is working with all of its store locations to implement additional security measures to prevent further intrusions.”

(Atlanta Business Chronicle)

Computer Hacking Liability – Are You At Risk?

I had the great honor yesterday to speak at the InnoVision Forum on Computer Hacking Liability – Are You At Risk?.

We put together a presentation on our patent pending Firewall called “The Wall”. I have included that presentation in this post. Here is a look at the presentation:

What is PCI Compliance? PCI Compliance is now required for all business no matter how large or small.

Myths About PCI

•I can wait until my bank asks me to be PCI compliant.
•I don’t use a POS system I don’t need to be compliant.
•The software I use is PCI Compliant
•PCI is a law created by the credit card companies.
•The fines or fees are not that expensive.
•There is no state or federal regulation.
Resources:

PCI Compliant Requirements

LVT’s PCI Compliant requirements are derived from a 69 page document that was created in October of 2010 by the PCI Security Council. Liquid Video Technologies secures your network so that your business is PCI compliant.

Here are just a few of the rules that you need to comply with in order for you network to be PCI compliant.

First and foremost you must have double authentication to gain access to your router or any device that is behind your Firewall. This includes but not limited to Remote Desktop Application, Accessing Web Based Devices for Music, Accessing Security Cameras and  all ports must be closed, we have patent pending process for Double Authentication.

·         Must meet some or all requirements from 1.1 to 12.9.6, this is 69 pages that are required in some form or fashion. There are over 157 individual requirements

·         Must have logging sever the records all transaction for up to a year and be able to present then if an audit occurs – Section 10.4.3 to 11.1

·         All ports must be closed at all times, or you will fail your scan from Tustwave or one of the other dozen scan companies that are out there, but you still need access to your cameras, computers, web devices, firewall, and routers. LVT – has created a proprietary and patent pending method to accomplish this along with double authentication.

·         Must maintain and update firewall configuration and have a process in place to maintain the firewall on a monthly basis / weekly basis.

·         Must update rules and regulations to firewall and any new threats on a daily basis.

If you would like to know more about what Liquid Video Technologies protects your business from, please feel free to contact us at 864-859-9848 and we will provide you with our PCI DSS Checklist of items that we secure.

PCI DSS Compliance Checklist

PCI DSS Compliance Checklist
Here are the 12 primary requirements of the PCI DSS :

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Requirement 12: Maintain a policy that addresses information security

Payment Card Industry Data Security Standard (PCI DSS)
With e-commerce on the rise, there have been numerous financial transactions made online, many of which involve making credit card payments for purchases. This increase in online payments has subsequently resulted in the growth of cases involving credit card fraud. Card numbers and card holder data are sensitive information which need utmost protection so that misuse is prevented and information is secured.

Therefore as a strategic security measure, companies & vendors handling credit and debit card information now need to comply with stringent security standards drawn by major credit card companies like VISA, MasterCard, American Express etc. so that security breaches are prevented and card holder data is safeguarded. The standard to be followed is a set of security requirements known as the Payment Card Industry Data Security Standard (PCI DSS) and applies to all members, merchants and service providers that store, process or transmit cardholder data regardless of transaction type (point of sale, phone, e-commerce, etc.).

What is the PCI DSS ?

The PCI DSS stands for Payment Card Industry Data Security Standard. It is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It represents a set of rules that need to be adhered to by businesses that process credit cardholder information, to ensure data is protected. The PCI Data Security Standard comprise 12 general requirements designed to:

Build and maintain a secure network
Protect cardholder data
Ensure the maintenance of vulnerability management programs
Implement strong access control measures
Regularly monitor and test networks
Ensure the maintenance of information security policies
This standard is governed by PCI Security Standards Council https://www.pcisecuritystandards.org

Why should you comply to PCI DSS ?

Organizations that store and handle credit card information of their customers, irrespective of their size and nature of business, are always at a high risk of cardholder data misappropriation by criminals and other sources with malicious intent. Such security breaches will result in fines levied by credit card companies, litigations and loss in trust, and eventually business. Moreover, there is a deadline posed by credit card companies to achieve PCI DSS compliance and that is December 2007. Credit card companies levy huge fines up to $500,000 if businesses fail to comply to the PCI DSS within the stipulated time frame. Companies also run the risk of not being allowed to handle cardholder data if found non-compliant and having lost data. As a result, achieving PCI DSS Compliance is top priority for such companies.

Want to know more information? Computer Hacking Liability – Are You At Risk?

Computer Hacking Liability – Are You At Risk?

Presented by McNair Law Firm, P.A.

Please join us for the
InnoVision Forum:

Computer Hacking Liability – Are You At Risk?
What To Do To Avoid Data Breaches and Hacking and
What To Do If You are Hacked

From the US Government to the State of South Carolina, companies and organizations of all sizes are under attack from hackers. The threat of these attacks has escalated so that cyber security professionals admit it is almost impossible to achieve 100% prevention.  According to Verizon’s 2011 report, small and medium sized businesses, as well as governments and municipalities, are the main targets.  Please join us to discuss the legal liability associated with hacking for you and your company, leading edge prevention measures to avoid hacking, and what your obligations are in the event that a breach is suspected or discovered.  We will also discuss the role of the financial institution in these circumstances.

PANEL INCLUDES:

Douglas W. Kim
Attorney
McNair Law Firm, P.A.

 

  • Doug will discuss the current laws concerning security requirements including the Red Flag Rules, PCI Compliance, South Carolina specific laws and recent cases involving hacking.  His discussion will include the recent case where a bank was required to repay monies lost to a customer due to hackers ($345,000.00).

Frank Mobley
Founder and CEO
Immedion, LLC

 

  • Frank will discuss current IT security risks and the prevalence and method of hacking.  He will also include information on how you can better protect your organization against illicit and illegal attempts to garner private information.

Deveren Werne
Founder of Mojoe.net and
Principal of Liquid Video Technologies, Inc.

 

  • Deveren will explain PCI compliance for businesses such as why a business should be PCI compliant and, if not, what are the repercussions of not being compliant, and what a business should do to become compliant from hardware to software perspective.

Wednesday, January 9, 2013
3:00 pm – 5:00 pm Presentations ~ 5:00 pm – 7:00 pm Networking
Location – McNair Law Firm, P.A., Poinsett Plaza, Suite 700, 104 S. Main Street, Greenville, SC

Seating is limited, so please respond early

RSVP to Kathy Ham by email: kham@mcnair.net or by phone: (864) 552-9345

Founding Sponsor:
Deloitte Founding Sponsor of InnoVision Awards

www.innovisionawards.org
Celebrating excellence. Honoring distinction. Applauding innovation.

Security Breach – South Carolina Department of Revenue

Security Breach – South Carolina

COLUMBIA — Last week South Carolina’s Department of Revenue Director (DOR) Jim Etter announced that approximately 3.6 million Social Security numbers and 387,000 credit and debit card numbers had been exposed in a cyber attack.

Governor Nikki Haley, South Carolina Law Enforcement Division (SLED) Chief Mark Keel and Etter briefed reporters earlier this week on the S.C. DOR information security breach and outlined additional consumer safety solutions, including extended fraud resolution and coverage for dependents who are minors, available to South Carolina taxpayers.

As of Tuesday morning, the Experian call center set up to assist South Carolina taxpayers had received approximately 533,000 calls and approximately 287,000 sign-ups for Experian’s ProtectMyID program. Access to unlimited fraud resolution beyond the one year enrollment period is included in Experian’s ProtectMyID membership and available to any taxpayer affected by DOR’s information security breach. Taxpayers who sign up for protection will also be notified — by email or letter — about how to sign up for a “Family Secure Plan” if they claim minors as dependents.

Gov. Haley and Chief Keel reiterated that anyone who has filed a South Carolina tax return since 1998 should take the following steps:

• Call 1-866-578-5422 to enroll in a consumer protection service. (The call center is open 9:00 a.m. – 9:00 p.m. EST on Monday through Friday and 11:00 a.m. – 8:00 p.m. EST on Saturday and Sunday.)

• For any South Carolina taxpayer who wishes to bypass the telephone option, there currently is an online service available at http://www.protectmyid.com/scdor. Enter the code SCDOR123 when prompted. South Carolina taxpayers have until the end of January, 2013 to sign up.

Experian’s ProtectMyID™ Alert is designed to detect, protect and resolve potential identity theft, and includes daily monitoring of all three credit bureaus. The alerts and daily monitoring services are provided for one year, and consumers will continue to have access to fraud resolution agents and services beyond the first year. Complimentary 12-month ProtectMyID memberships available to South Carolina taxpayers affected by the DOR information security breach include:

• Credit Report: A free copy of your Experian credit report.

• Daily 3 Bureau Credit Monitoring: Alerts you of suspicious activity including new inquiries, newly opened accounts, delinquencies, or medical collections found on your Experian, Equifax® and TransUnion® credit reports.

• Identity Theft Resolution: If you have been a victim of identity theft, you will be assigned a dedicated, U.S.-based Experian Identity Theft Resolution Agent who will walk you through the fraud resolution process, from start to finish.

• ExtendCARE: Full access to the same personalized assistance from a highly-trained Fraud Resolution Agent even after your initial ProtectMyID membership expires.

• $1 Million Identity Theft Insurance: As a ProtectMyID member, you are immediately covered by a $1 Million insurance policy that can help you cover certain costs including, lost wages, private investigator fees, and unauthorized electronic fund transfers.

Liquid Video Technologies can protect your network and information from Security Breaches.

Read more: The Cheraw Chronicle – State officials update security breach