PCI Compliance

Here is a blog every online business should take a moment to read. (PCI Compliance)

2015 will be a defining year for data security

President Obama’s State of the Union address this week launched a new emphasis on an ever-present threat in our daily lives – cyberattacks, kicking off what will be a defining year for cybersecurity protection, and for us at the PCI Security Standards Council, pivotal in improving the protection of consumers’ payment information globally.

Public-private collaboration and information sharing, education and awareness and leveraging the most secure technology as emphasized by the president are critical to protect customers against the type of massive breaches we saw in 2014.  As the standard setting organization for payment security, we are leading the charge to provide the standards and resources to help businesses secure this information.

Too many CEOs are learning this lesson the hard way.  For American corporate executives moving forward, data security is job security.  Companies that fail to make data protection an everyday priority run the risk of losing money, losing business and destroying their reputations.

The good news is we know what works and what doesn’t.  In recent years, we at PCI have not seen any data breaches that weren’t predictable.  On the contrary, problems arise from a failure to maintain key security controls and a lack of vigilance.  Simply put, most data security breaches involving credit card data are not sophisticated attacks at all, nor are they new tactics.  Far too many of the recent major breaches we have seen in the United States were entirely preventable.

Something as simple as a password can cause problems. A recent study by Trustwave reported that the most popular numeric password used by the American business community is 123456.  The word ‘password’ remains one of the most commonly used passwords.  It wouldn’t take a very sophisticated hacker to crack that code.

Fortunately, data security is now becoming a top level issue, from the White House to Congress to corporate suites across America. President Obama’s speech this week will further drive the national conversation.

Many companies need to change the way they view security issues. Passing a PCI Standards assessment is a first step, but properly following security standards 24/7 is required to prevent data breaches. Not all companies do that, thinking instead that once they check the box of passing a data security assessment their work is over. This kind of thinking is a major problem.  Data security cannot just be a “box you check” once or twice a year.  It has to be an all-day, everyday priority.  Protecting data is no longer a simple task that companies can just leave to the IT Department.

EMV Chip Technology

In 2015 America will take a major step by implementing EMV chip technology for consumers.  This is a critical step forward and will provide better data protection by adding a new additional layer of security.  EMV chip technology, which is already in use throughout much of the advanced world, provides consumers with strong security features. It helps businesses lock down their point of sale and provides protection against fraudulent transactions in face-to-face shopping environments.  However, while EMV chip technology is an additional layer in data security protection, it doesn’t solve every problem.  We should not be fooled into believing it is the magical technology that eliminates data security threats.  It isn’t.

EMV chip technology will not prevent fraud when a card is used online or in mail and telephone order purchases.  EMV technology also would not prevent breaches that involve targeted malware.

No one single technology is the answer. As we look towards the White House Cyber Security Summit at Stanford University next month, it is important for American businesses to prioritize strong security principles by maintaining a multi-layer security approach that involves people, process and technology working together to protect consumers.

It’s time for a change in the mindset about data security. Vigilance must be an everyday priority.

Article Provided by The Hill

Zaxby’s Data Breach – PCI Compliant

ATHENS, Ga. — Zaxby’s Franchising Inc. says a computer data breach has occurred at a number of its stores, including more than 40 in Georgia, and that malware files could have been used to export guest names and credit and debit card numbers.

The Athens, Ga.-based restaurant chain said in a press release on its website that credit card processing companies identified certain Zaxby’s locations as common points of purchase for some fraudulent credit card activity.

Affected locations include Zaxby’s restaurants in Alpharetta, Atlanta, Braselton, Bremen, Buford, Canton, Conyers, Dacula, Dalton, Dawsonville, Fairburn, Fayetteville, Kennesaw, Lithia Springs, Lithonia, Marietta, Milton, Norcross, Powder Springs, Roswell, Tucker and Villa Rica.

The press release says, “Zaxby’s Franchising, Inc. assisted those stores in reviewing the issue, and during the course of the investigation identified some suspicious malware files on the licensees’ computer systems at several Zaxby’s locations. Because those malware files could have been used to export guest names and credit and debit card numbers, Zaxby’s Franchising, Inc. informed appropriate law enforcement authorities of the potential criminal activity. Zaxby’s Franchising, Inc. is working with all of its store locations to implement additional security measures to prevent further intrusions.”

(Atlanta Business Chronicle)

Computer Hacking Liability – Are You At Risk?

Presented by McNair Law Firm, P.A.

Please join us for the
InnoVision Forum:

Computer Hacking Liability – Are You At Risk?
What To Do To Avoid Data Breaches and Hacking and
What To Do If You are Hacked

From the US Government to the State of South Carolina, companies and organizations of all sizes are under attack from hackers. The threat of these attacks has escalated so that cyber security professionals admit it is almost impossible to achieve 100% prevention.  According to Verizon’s 2011 report, small and medium sized businesses, as well as governments and municipalities, are the main targets.  Please join us to discuss the legal liability associated with hacking for you and your company, leading edge prevention measures to avoid hacking, and what your obligations are in the event that a breach is suspected or discovered.  We will also discuss the role of the financial institution in these circumstances.

PANEL INCLUDES:

Douglas W. Kim
Attorney
McNair Law Firm, P.A.

  • Doug will discuss the current laws concerning security requirements including the Red Flag Rules, PCI Compliance, South Carolina specific laws and recent cases involving hacking.  His discussion will include the recent case where a bank was required to repay monies lost to a customer due to hackers ($345,000.00).

Frank Mobley
Founder and CEO
Immedion, LLC

  • Frank will discuss current IT security risks and the prevalence and method of hacking.  He will also include information on how you can better protect your organization against illicit and illegal attempts to garner private information.

Deveren Werne
Founder of Mojoe.net and
Principal of Liquid Video Technologies, Inc.

  • Deveren will explain PCI compliance for businesses: why a business should be PCI compliant, what the repercussions of not being compliant are, and what a business should do to become compliant from a hardware to software perspective.

Wednesday, January 9, 2013
3:00 pm – 5:00 pm Presentations ~ 5:00 pm – 7:00 pm Networking
Location – McNair Law Firm, P.A., Poinsett Plaza, Suite 700, 104 S. Main Street, Greenville, SC

Seating is limited, so please respond early

RSVP to Kathy Ham by email: kham@mcnair.net or by phone: (864) 552-9345

Founding Sponsor: Deloitte, Founding Sponsor of InnoVision Awards

www.innovisionawards.org
Celebrating excellence. Honoring distinction. Applauding innovation.

Security Breach – South Carolina Department of Revenue

Security Breach – South Carolina

COLUMBIA — Last week South Carolina’s Department of Revenue (DOR) Director Jim Etter announced that approximately 3.6 million Social Security numbers and 387,000 credit and debit card numbers had been exposed in a cyber attack.

Governor Nikki Haley, South Carolina Law Enforcement Division (SLED) Chief Mark Keel and Etter briefed reporters earlier this week on the S.C. DOR information security breach and outlined additional consumer safety solutions, including extended fraud resolution and coverage for dependents who are minors, available to South Carolina taxpayers.

As of Tuesday morning, the Experian call center set up to assist South Carolina taxpayers had received approximately 533,000 calls and approximately 287,000 sign-ups for Experian’s ProtectMyID program. Access to unlimited fraud resolution beyond the one year enrollment period is included in Experian’s ProtectMyID membership and available to any taxpayer affected by DOR’s information security breach. Taxpayers who sign up for protection will also be notified — by email or letter — about how to sign up for a “Family Secure Plan” if they claim minors as dependents.

Gov. Haley and Chief Keel reiterated that anyone who has filed a South Carolina tax return since 1998 should take the following steps:

• Call 1-866-578-5422 to enroll in a consumer protection service. (The call center is open 9:00 a.m. – 9:00 p.m. EST on Monday through Friday and 11:00 a.m. – 8:00 p.m. EST on Saturday and Sunday.)

• For any South Carolina taxpayer who wishes to bypass the telephone option, there currently is an online service available at http://www.protectmyid.com/scdor. Enter the code SCDOR123 when prompted. South Carolina taxpayers have until the end of January, 2013 to sign up.

Experian’s ProtectMyID™ Alert is designed to detect, protect and resolve potential identity theft, and includes daily monitoring of all three credit bureaus. The alerts and daily monitoring services are provided for one year, and consumers will continue to have access to fraud resolution agents and services beyond the first year. Complimentary 12-month ProtectMyID memberships available to South Carolina taxpayers affected by the DOR information security breach include:

• Credit Report: A free copy of your Experian credit report.

• Daily 3 Bureau Credit Monitoring: Alerts you of suspicious activity including new inquiries, newly opened accounts, delinquencies, or medical collections found on your Experian, Equifax® and TransUnion® credit reports.

• Identity Theft Resolution: If you have been a victim of identity theft, you will be assigned a dedicated, U.S.-based Experian Identity Theft Resolution Agent who will walk you through the fraud resolution process, from start to finish.

• ExtendCARE: Full access to the same personalized assistance from a highly-trained Fraud Resolution Agent even after your initial ProtectMyID membership expires.

• $1 Million Identity Theft Insurance: As a ProtectMyID member, you are immediately covered by a $1 Million insurance policy that can help you cover certain costs, including lost wages, private investigator fees, and unauthorized electronic fund transfers.

Read more: The Cheraw Chronicle – State officials update security breach