Card fraud affects merchants, not just shoppers. The Data Security Standard 3.0, released by the Payment Card Industry (PCI), urges companies to create a data flow diagram. This diagram would reveal all the systems, applications and employees who have access to cardholder data.
“In the majority of compromises we’ve seen over the past few years, the merchant was trying to do the right thing but was unaware that cardholder data existed in a location that was not being protected,” states Troy Leach, PCI’s Security Standards Council chief technology officer, to StorefrontBacktalk.
Data flow diagrams include all types of data pertaining to users, suppliers and customers, and businesses should do a full analysis of their systems to know what’s what.
Businesses should also learn details about security levels at all stages, and figure out whether different data is covered under PCI jurisdiction or the protocols of foreign entities.
Data must be “overlaid with a diagram of servers on- and off-premise, and all mobile devices, including those owned by employees,” reports PaymentsSource.
Merchants should know where all their cardholder data is; how their organization operates; and “how their customer’s cardholder data moves throughout their environment,” says Leach, so they can formulate decisions that will minimize risks and costs.
PaymentsSource recommends mapping the application of data flows, since businesses today are “super-interconnected” to other networks.
January of 2015 is when PCI’s Security Standard 3.0. will be in full effect. In the meantime, retailers should promptly start creating data flow diagrams.
Oregon-based iovation Inc. has created an exclusive network of global brands across the retail industry and others, with thousands of fraud professionals reporting more than 10,000 fraud and abuse attempts each day.
iovation’s shared database contains more than 1.6 billion unique devices including PCs, laptops, iPhones, iPads, Android, Blackberries—practically every Internet-enabled device that exists.
Many big brand retailers use this device reputation service to detect fraud early by not only customizing their own real-time rules to set off triggers, but by leveraging the experiences of other fraud analysts to know if the device touching them at this moment has been involved in chargebacks, identity theft, bust-outs, and any other kind of online abuse you could imagine.
Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Javelin Study Shows Increased Credit Card Fraud Risk
Consumers, businesses, retailers, and even the media are becoming numb to news about data breaches. Not a week goes by when we don’t hear of another major breach affecting thousands or even millions of customer accounts. Criminal hackers are getting smarter and savvier all the time, and they often have better technology than the banks and
- What Differentiates EMV Cards?
In the United States, our credit and debit cards still rely on outdated magnetic stripe technology. The magnetic stripe is the black or brown band on the back of your credit or debit card. The stripe stores data, such as your account number, via tiny, iron-based magnetic particles. When you swipe your card through a
- European Cybercrime Not Slowing Down
Device reputation authority iovation published a report revealing that the number of fraudulent transactions originating from Europe has risen dramatically over the past two years. From April 2011 to April 2012, iovation prevented approximately 15 million fraudulent online transactions in Europe. That’s an increase of 60% over the previous year. The rate of European fraud
- Security Snapshot: How Is EMV Safer?
To understand why EMV credit cards—or “chip and PIN” cards—are safer, first we must understand standard magnetic stripe cards. The familiar magnetic stripe, which can be seen on all credit cards carried in the United States, has been around for more than four decades. The security technology behind the magnetic stripe has been compromised, since the
- It Takes Sharing and Organization to Fight Organized Crime
The amount of money made and lost due to fraud is surpassing the illegal drug trade. A digital arms race has law enforcement officials nipping at the criminals’ heels. Retailers and banks continue to fight criminal hackers, but are being bombarded by advanced, persistent threats that eventually make their way into the network. There are data