Merchants Urged to Reduce Risk of Data Breaches
Las Vegas (October 9, 2007) ? The consensus of speakers at the just-concluded Real Security Summit is that the future of credit card payments depends on systems that remove useable card data stored anywhere at the merchant level. “The technology exists to achieve real security by taking card data out of merchant systems,” said J. David Oder, CEO of Shift4 Corporation, which sponsored the Summit. “Hackers and bad guys will always be on the attack, so the prudent approach is to minimize risk by not storing data in merchant systems.”
What was described by Jonathan Rusch of the U.S. Department of Justice as a “global security epidemic” is fueled by terrorist groups and organized crime turning to credit card fraud as a ready source of cash. “Terrorists are always learning and exploiting the system. The key is to stop the problem at its source,” said Dennis Lormel, a former FBI white collar crime expert now with Corporate Risk International.
Merchants and other Summit attendees were urged by several speakers to assume that someone will try to penetrate their system and to choose payment processing that outsources the risk by not storing any credit card data at the merchant level. According to Dr. Heather Mark, Principal, The Aegenis Group, there is a difference between a security breach ? when a hacker penetrates a system ? and a data breach in which card data is compromised. “A security breach is never a good thing, but the public is really affected only when their personal data is taken,” she said.
With the possibility of heavy penalties and customer backlash in the event of a data breach, merchants were urged to investigate new technologies that go beyond complying with standards to create real security that can be sustained. “Security is paramount,” said Oder. “Compliance is really a byproduct of a commitment to security.”