Tuesday, August 4, 2015
E-Commerce Merchant Accounts Are in Danger
Great article from Instabill.
Three quarters of point-of-sale merchants in the US either aren’t ready for or don’t know about the EMV liability shift, which takes place on Oct. 1, 2015. The prospect has fraudsters and hackers chomping at the bit.
Once hackers are unable to penetrate the unique chip code EMV cards generate, they will turn their wrath to e-commerce businesses. It happened in Europe when e-commerce took hold in the late 1990s and early millennium, and then again in Canada when it migrated to EMV cards from those with the magnetic stripe.
Without proper and timely action, e-commerce merchant accounts and the merchants and customers which they serve are in grave danger from hackers.
“I think it will be worse. Only 25 percent of merchants know what EMV is, and it’s coming in two months,” said Ed Black, the Director of New Business and PCI Compliance at Comodo, an internet security provider. “We also know from the Verizon report that only 29 percent of merchants stay PCI compliant within a year of attestation.”
Upgrade Operating Systems: Hackers prey on merchants that use old operating systems, such as Windows XP, that no longer receive security fixes and upgrades. “Windows XP no longer keeps up with the needs and threats of 2015,” said Mr. Black. “Windows doesn’t make patches or support it any longer, yet hackers know that people still use it. And they exploit those weaknesses.”
Quarterly PCI Scans and Penetration Testing: Merchants simply need to decide how valuable their business is and how much they want to invest to protect it. PCI scanning costs less than $100 per year. Penetration testing, required for some merchants, is upwards of $7,000 a year.
“Penetration testing is very labor intensive,” said Mr. Black. “If you are an e-commerce merchant and fall under the A-EP, C or D merchant categories, it is required. It is now the cost of doing business.”
Invest in TLS Certificates: Merchants need to upgrade from SSL certificates to TLS (Transport Layer Security) 1.2 to protect their e-commerce merchant accounts. “TLS certificates can be relatively inexpensive depending on how many domains, subdomains and IPs need to be covered,” Mr. Black noted.
Considering the consequences – losing your customers’ credit card data and possibly your business – compliance with PCI DSS 3.0 and 3.1 is a necessary investment.