With blooming flowers, chirping birds and warming temperatures, spring finally arrived in April. But it seems the wonders of nature aren’t the only thing that spring brought us. We’re also getting fresh reports of hackers who are up to no good.
And I’m not talking about Netflix having their shows stolen, held for ransom and released online. While that’s also concerning, let’s focus on what’s more troubling to the average business – like data breaches involving stolen customer information and credit card data.
The first week of April, video game retailer GameStop reported that credit card information stolen from its customers was found for sale on a website. It appeared this hack was related to GameStop’s online retail operations. What’s interesting here is that card verification value (CVV) codes – which merchants are not allowed to store – were intercepted by the hackers, suggesting they were fairly sophisticated.
Later, InterContinental Hotels admitted that a 2016 data breach it originally thought only affected 12 of its properties actually included many more, with some estimating that more than 1,000 locations were compromised. This hack involved malware that operated during the scanning of customers’ credit cards at hotel front desks between September and December of 2016.
Get the side of chips
And then there’s Chipotle, who recently acknowledged that the credit card payment processing system used in its stores was breached between late March and mid-April. What’s noteworthy in Chipotle’s case is that the fast-casual retailer decided not to upgrade its credit card systems to the newer, potentially more secure EMV (Europay, MasterCard and Visa) systems that use the chip and PIN.
For Chipotle, the concern was that forcing customers to wait for chip reads and entering a PIN would slow down their ordering lines. But now the concern is that a lot of credit card information was stolen.
Granted, the Payment Card Industry Data Security Standard (PCI-DSS) has not yet mandated EMV technology for PCI compliance. The reality is that EMV is just one piece of the payment security puzzle – a puzzle that is constantly shifting as hackers become smarter and PCI compliance requirements become increasingly complex.
Finding a trusted partner
Whether your customers are buying from you online or in your store, all of these recent data breaches serve as good reminders that payment security is critically important to your business. And getting it wrong means lost customers, damaged reputation and fines if you are found to be out of PCI compliance.
This is serious stuff, which is why it pays to partner with an IT services provider who truly understands the ins and outs of not just basic hosting and configuration, but also how to establish reliable, end-to-end data security for your environment.
That’s precisely what ZZ Servers does best. ZZ Servers is a PCI Level 1 Service Provider, meaning it can securely host a merchant’s systems for them, ensure that those systems pass PCI compliance audits and then maintain an optimal level of security going forward.
So before spring turns to summer, it seems like a fine time to re-evaluate your IT security posture. ZZ Servers is here to help and give you that peace of mind you’ll need during that summer vacation.