The truth is that many of the greatest protective measures you can take to secure confidential information are also the simplest. While attacks have incrementally gained in sophistication, they can often still be detected and stopped before the damage has been done. Yet even today, we’re still seeing security basics being overlooked, leading to compromises. For example, passwords are a key way of securing access to computers and your point-of-sale environment. Not changing these passwords regularly, or using ones that are easily guessed, is like leaving the cash register open, and it is one of the simplest ways for criminals to sneak into your system and access valuable customer payment information. ‘Password’ is still one of the most common passwords used by businesses today; in 2013, two out of three breaches involved compromised credentials, according to the 2014 Verizon Data Breach Investigations Report (DBIR).

Another great example is outdated software. As we saw recently with the end of XP support, many retailers, and especially smaller retailers, are still not aware of the risk to their payment systems and business that comes with having outdated software on their systems. Running old software without security support, patches and updates leaves businesses wide open to the latest vulnerabilities, such as the Heartbleed bug, or to one of the many millions of new pieces of malware being created.

Recently, the PCI Security Standards Council created a quick infographic with 10 simple steps to help drive home the basics and importance of making these practices part of your everyday business.

https://www.pcisecuritystandards.org/pdfs/PCI-Top-Ten.pdf

The PCI Security Standards provide the foundation for this multi-layered approach to data security. Version 3.0 of the PCI DSS places a special focus on helping you make payment security business as usual, through increased education and awareness, flexibility, and an understanding of security as a shared responsibility.

But even with the best standards in place, criminals after payment card data are persistent in their attacks; we have to be persistent in our defenses, relying not just on one layer of protection but on many. This effort must be part of an ongoing and vigilant security program. The PCI community continues to work to update and develop its standards while also providing guidance on other technologies, such as tokenization and Point-to-Point Encryption (P2PE), that can help simplify PCI DSS compliance efforts and provide added security. In the fall issue of Hospitality Upgrade Magazine, we’ll talk more about these and EMV chip technology and how they can work together with PCI Standards to help you reduce your risk and protect your customers’ payment information.