PCI: Smaller Merchants Threatened

Criminals Now Picking Less Compliant Targets

Linda McGlasson, Managing Editor

The Payment Card Industry's Security Standards Council may be doing a good job helping lock down larger retailers, but the smaller "Mom and Pop" merchants are becoming the new targets of cyber criminals, says a PCI expert.

A recent report on PCI compliance by Verizon Business shows some unsettling trends, says Jen Mack, Verizon's director of global PCI consulting services.

Mack says Level 3 and 4 retailers are now being targeted by cyber criminals for the theft of credit card data. Examples of these targets include restaurants in several states that were hit in the past several months -- the latest being one that had its POS system breached in Tallahassee, Fla.

Level 3 merchants are defined by those merchants that have 20,000 or more credit card transactions annually. Level 4 are those that have fewer than 20,000 credit card transactions per year.

The PCI report shows that businesses of every size "are better at planning, doing -- not at checking if they are compliant," says Mack, a former member of the PCI Security Standards Council. The overwhelming majority of data breaches occur because of failures to check things were in place. Despite arguments to the contrary, Mack says "There's no open hole causing data breaches that isn't covered by the PCI standards."

To read the entire article, click here -  http://www.bankinfosecurity.com/articles.php?art_id=3019&rf=2010-10-23-eb