Computers connected to the internet are one of the greatest advancements in retailing. It allows retailers to do so many different things I couldn’t even list them all in this blog. As the technology got faster and more reliable naturally businesses began to use the internet to not only display and sell merchandise but also process credit cards transactions. This gave rise to a whole new breed of thieves who instead of a gun use computers to rob consumers. Credit card fraud increase so significantly with the use of the internet an organization was formed called Payment Card Industry Data Security Standard, better known as PCI DSS and they set the standards for data security. PCI gave merchants specific security measures to follow and if we were ever hacked into and did not have all the security measures in place then we would get $100,000 fine. This set off a series of ever-changing rules and security measures now known as PCI Compliance. These so called security measures have cost merchants billions to protect a credit card system that was designed in the 1980’s before business were even using computers. As you can see with the latest Home Depot and Target hacks the PCI DSS organization failed miserably! Don’t blame the merchants for your data being stolen, blame PCI DSS and the credit card companies. They put the burden of security on the merchants rather than fixing the obsolete credit card system used to process transactions, but that’s a topic for another blog!
Back in 2007 the buzz was you better get PCI Compliant or be prepared to pay the $100,000 fine if you get hacked. Knowing it was impossible for us to apply all the security measures and maintain the system to become PCI compliant, we turned to computer data hosting which is now known as “cloud computing”. Computer hosting companies like Xand or Peak10 have servers setup for businesses in a high security environment that are 100% PCI compliant and we run our point of sale software off these servers. So all the information we acquire from a customer is stored safely off site in a facility designed to protect the data from being hacked. We also don’t have to worry about someone breaking in and stealing our servers or losing the data in a fire or other disaster. On top of that we have a firewall router appliance that also protects our entire network plus firewalls and antivirus software on every computer in our building. Since 2008 we have spent over $150,000 on software and hardware upgrades to protect our computer system and our customer’s information from being stolen by hackers. We did all this even before the recent attacks but in the wake of these events we felt it was still not good enough. To take things a step further our software will no longer retain any credit card information and all past card information is encrypted. That way even if someone hacks our system there is no information to steal. You can’t get safer than that!
Ok, your information is safe with us but what about the old antiquated credit cards system? The good news is it’s finally being updated and you can thank the hackers for it. The latest data breaches happened because someone figured out that at the moment the credit card gets swiped there is a 1 second delay in the encryption process that leaves the card information wide open to steal. The hackers figured this out and created a virus that collects the unencrypted card information then sends it to the hacker. They then turn around and sell the information on the black market. I guess the credit card companies got hit where it hurts the most, their pockets, and decided to change the system. The magnetic card swipes are finally going to disappear and be replaced by a computer chip and pin number. That’s all the details I have right now but this new system is currently used in Europe. For us it means we have to purchase new pin and chip terminals which we planned on doing anyway with the announcement of Apple Pay and Google Wallet.
Moving forward I don’t believe this is then end of hackers stealing credit card data. Someone somewhere will find another hole and be one step ahead of the system. What I do see are companies like Apple, Ebay, and Google starting to slowly move into the credit industry to get a piece of the action. Maybe that’s what this industry needs to gets its act together. Until then we are taking the safe road and not storing any credit card information. If you have nothing to seal than no one will steal from you, which put us one step ahead of the hackers.