In late June, clothing retailer Buckle revealed that its in-store POS and payment systems were compromised and that sensitive data—including potentially from debit and credit cards—may have been stolen. Buckle is currently investigating the breach, so details are limited. However, the retailer did reveal that its systems were infected with malware designed to snatch credit card information. At this time, there’s no telling how much, if any, information was stolen, but this latest breach serves as a great wake-up call to solution providers about the necessity of good security practices.
Here are some tips to keep your merchants safe:
- PCI compliance is just a snapshot of a moment in time. The guidelines put forth in the PCI Data Security Standard (DSS) include many areas that must be constantly reviewed. For example, PCI DSS states that firewalls should be used to prevent unauthorized incoming and outgoing traffic and that every time a change is made to the network, testing should be done to ensure weaknesses haven’t been introduced.
Regardless of the precautions you take, can you be sure that the phone installer or video surveillance integrator hasn’t punched holes in the firewall that could lead to vulnerabilities? Are other solution providers being given access to the network, and is cardholder data accessible to them? The infamous Target breach might have been avoided if its HVAC supplier’s access to the network had been limited.
- Sell and maintain antivirus software. It’s too soon to tell if Buckle’s malware problem could have been prevented with antivirus software or if Buckle was even running AV. However, we know that most retailers, especially SMBs, are unprotected. Here’s some surprising data from a recent Business Solutions magazine survey of POS solution providers and payment ISOs:
- 57% of solution providers sell antivirus to their merchants, while only 9% of ISOs sell antivirus.
- 45% of solution providers are managing antivirus updates and maintenance for their merchants compared to only 9% of ISOs.
- Half of the ISOs in the survey don’t even know if their merchants are using antivirus solutions.
This is clearly an opportunity for POS solution providers. Your competition is most likely leaving their customers unprotected. There’s a good chance you are as well. Offering AV is an easy add-on service.
- Don’t forget physical security. 64% of the solution providers surveyed by Business Solutions felt that, if a breach were to happen to their customers, it would come from the inside. If you really want to protect data from an inside job, consider access control systems that prevent unauthorized entrance into key areas. Video cameras can be installed to keep watch over sensitive areas as well. Not only can physical security help prevent breaches, it’s a nice upsell opportunity for you.
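The re-test that the first tip calls for after every network change can be automated by comparing the live firewall ruleset against an approved baseline. The following is an added example, not part of the original article: the iptables-save style rules are constructed, and the cardholder segment 10.10.20.0/24 is an assumed address.

```python
import ipaddress
import shlex

CDE_NET = ipaddress.ip_network("10.10.20.0/24")  # assumed cardholder data segment

# Constructed iptables-save style rules: approved baseline vs. state after vendor visits.
BASELINE = """\
-A FORWARD -s 10.10.10.0/24 -d 10.10.20.5/32 -p tcp --dport 443 -j ACCEPT
-A FORWARD -j DROP
"""
CURRENT = """\
-A FORWARD -s 10.10.10.0/24 -d 10.10.20.5/32 -p tcp --dport 443 -j ACCEPT
-A FORWARD -s 0.0.0.0/0 -d 10.10.20.0/24 -p tcp --dport 3389 -j ACCEPT
-A FORWARD -s 10.10.50.0/24 -p udp --dport 5060 -j ACCEPT
-A FORWARD -s 10.10.30.0/24 -d 10.10.40.9/32 -p tcp --dport 80 -j ACCEPT
-A FORWARD -j DROP
"""

def parse(ruleset):
    """Return each appended rule as a dict of the option fields this check needs."""
    rules = []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if not tok or tok[0] != "-A":
            continue
        opts = {"chain": tok[1], "raw": line}
        for flag, key in (("-s", "src"), ("-d", "dst"), ("-p", "proto"),
                          ("--dport", "dport"), ("-j", "target")):
            if flag in tok:
                opts[key] = tok[tok.index(flag) + 1]
        rules.append(opts)
    return rules

def reaches_cde(rule):
    """An ACCEPT rule reaches the CDE if its destination overlaps it; no -d means any."""
    if rule.get("target") != "ACCEPT":
        return False
    dst = ipaddress.ip_network(rule.get("dst", "0.0.0.0/0"), strict=False)
    return dst.overlaps(CDE_NET)

def audit(baseline, current):
    """Split rules absent from the baseline into CDE-reaching and other changes."""
    approved = {r["raw"] for r in parse(baseline)}
    added = [r for r in parse(current) if r["raw"] not in approved]
    return ([r["raw"] for r in added if reaches_cde(r)],
            [r["raw"] for r in added if not reaches_cde(r)])

if __name__ == "__main__":
    for label, rules in zip(("reaches CDE", "other change"), audit(BASELINE, CURRENT)):
        print(label, rules)
```

The rule with no `-d` is flagged because an unrestricted destination includes the cardholder segment, which is the kind of hole a vendor rule for phones or cameras can open without naming that segment at all.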
If antivirus, network segmentation, access control and video surveillance are foreign concepts to you, contact Ingram Micro for help. Make protecting your customers a priority before it’s too late.