Since all merchants accepting credit cards (even if the number of transactions per year is 1) must meet data security standards in the payment card industry (PCI-DSS), it is in their interest to know some of them. One thing we know for sure is that PCI does not go away. Since the merchant can be fined for not being observed, it is now much better to be active than to regret it later.
Therefore, let us now consider some of the problems that a merchant must undertake in order to provide a secure environment for their customer data.
5 Major PCI problem areas:
- terminal at point of sale (POS)
- phishing
- skimming
- SQL injections
- storage of card data
The following is a brief definition of each area.
1. terminals : A vulnerability to terms is when data is transferred from your location to your server purchasers. However, due to modern technologies you don’t need to spend too much time worrying. Today’s manufacturers have their own PCI standards that they must comply with in production. Most terminal problems originate from older, incompatible hardware. For the most part this has been eliminated either by replacing or updating.
What makes you most vulnerable with your terminal is the ability of data thieves to either connect or insert a device that can intercept and capture data without even realizing it.
Never allow anyone to do any work or maintenance on your hardware, without checking with your processor that this needs to be done, and allowing someone else the permission of your processor.
You also need to constantly know where your terminal is and who has access to it. Albertson’s grocery store actually had pin pads taken out at several checkpoints without their knowledge, and thieves intercepted debit card information from customers.
If you are processing online, you also need to make sure that you are using PCI approved software.
CAUTION: It is easy to be complacent or even annoy the PCI requirements - but this is important for taking any necessary precautions and preparation. Being a victim of theft is very similar to an accident. You do not see that they are coming, and you do not think that this will happen to you!
2 Phishing - Phishing is an ongoing fraud process that attempts to trick you into revealing sensitive personal information (for example, account numbers, social, personal data, etc.). For a business owner, they have more than their own personal data. They also have service workers, employees who have access to files (offline and offline, etc.),
Sensitive information can be stolen from files, verbally by phone, text message, email, voice mail - you name it! Especially be on your guard when you receive an e-mail asking for confidential information - even if it looks like someone you know and trust. I received spam, which seemed to be from a friend, until I opened it and read it.
When I told my friend about this, he said that somehow his computer was hacked, and the hacker received the email address of everyone in my friends ’contact list and sent them messages. What a racket.
3 Slip - Skimmers use a small device about the size of a credit card, which can be placed in an ATM slot, and also capture and save credit and debit card information. They also use hidden cameras to record the PIN of cardholders. With all their ingenuity, why can't they get a real job? I think it's not so interesting.
So, if you have an ATM on promises, and you have high traffic (in fact, even if you don’t), it’s never a bad idea to keep track of it and look for anything that looks added or unusual.
4. SQL injections SQL means “structured query language,” and this is a concern for companies that store information in databases. Basically, SQL is a computer programming code that can be written to a web form (for example, on the login pages), which allows the programmer to hack into any system and steal data.
The bottom line is that you cannot take anything for granted. This may well be the method that was used in the contact list of my friends. Again, use only PCI-compatible software and do not store anything you do not need. This is the perfect result for my last point (for this article anyway).
5. Storing card data or customer information - It is difficult to store information somewhere, in some kind of file. Business owners are especially endowed with protection information. This includes storage invoices, HR staff files (even applications for work have confidential data that a thief would like to receive) and various forms of customer information that are almost impossible to save somewhere And again this means offline. This is all in addition to card owner Information. Nevertheless, a thief is valuable information that you need to have when faking cards or sending new letters in the mail.
Although we didn’t scratch the surface of PCI threats and compliance issues, this is at least a good start for you to think about.
