Advice offered to businesses on data breach protection

August 14, 2014

Delmarva merchants were recently impacted by a point-of-sale (POS) system data breach. The recent breach in Ocean City, Md., and surrounding areas involves a POS system that includes remote access, allowing merchants to access their information off-site. The information being accessed was not encrypted, leaving full card information exposed to malware and other breach scenarios.

Mercantile Processing Inc., a Delaware-based merchant services provider, can address these concerns for area merchants and business owners and educate everyone on what questions should be asked at this time. The key to any data breach is to act swiftly and safeguard any data that may be vulnerable.

If a business has not been contacted by its processor, software company, or customers about credit card numbers being compromised, owners at that location can assume their system is safe for now. Even if the location has not been contacted, it is in every merchant’s best interest to take the following steps to safeguard against future breaches:

All merchants using computers for any aspect of work should have up-to-date antivirus software with regularly scheduled scans to protect the onsite PC and data. Installing periodic or prompted software updates is key to protecting against malware as it is discovered. Business owners who are unsure whether they are using the proper software should contact their merchant services sales office or software provider to find out.

Daily scans, typically performed after hours, can detect vulnerabilities in a business's system and/or recently discovered malware. Approving the recommended settings/updates after each scan is typically advised, but businesses should check with their software company for any specific questions.

Credit card information always needs to be encrypted in order to protect cardholders. What this means is that data should only be sent from point A (the terminal) to point B (the processor, which approves the transaction) with limited information provided, such as the last four digits of the card, for identification purposes. In order to avoid breaches, all merchants should be using terminals or POS systems that have end-to-end encryption. Merchants who are unsure if their current system is end-to-end encrypted should contact their hardware provider.

Every merchant that accepts credit cards has seen a charge on statements for PCI compliance or noncompliance (either monthly, quarterly, annually, etc.). In order to safeguard customers and the business against data breaches, every merchant must have PCI compliance. Merchants can get PCI compliance by completing their PCI compliance questionnaire on an annual basis and by keeping their system scans up to date.

While the PCI compliance questionnaire does not protect a business from a breach, it does make the business aware of the possible breach areas and allows it to attest to having these protections in place.

The questionnaire will inquire if the business has antivirus software installed, and if data is encrypted. If Visa, MasterCard, Discover or American Express discover that a merchant did not have antivirus software installed and/or did not have regular scans on the system while an investigation is conducted, the merchant would be deemed PCI noncompliant and be liable for fines.

An informative article produced by MasterCard in 2012 stated that even the “small[est] merchants are being targeted. Larger companies and banks tend to have the most technical and expensive security features in place to protect against any potential hack, but this level of security may not be feasible for a small merchant.”

The lesson from this breach is for all merchants, regardless of size, to be aware of breach possibilities.

Mercantile Processing Inc. is a locally owned Delaware company based in Sussex County, headquartered in Frankford. MPI serves the Delmarva area and surrounding areas as a credit card processing broker, payroll solution provider, credit card terminal and ATM reseller and a gift/loyalty card program supplier. Mercantile Processing Inc. is a registered ISO/MSP of Wells Fargo Bank NA.