This is a guest article by Mercury Payment Processing, a company I represent.

The one comfort about large-scale data breaches is that there are often lessons that can be learned. In the case of Target’s breach, customer data was reportedly compromised by malware installed at the POS. Mercury’s Chief Information Security Officer Jim Maloney notes that merchants commonly overlook the following steps. While there is no guarantee your merchants can avoid all security risks, advising them on the following items can assist in mitigating security risks.

If the POS software is installed on general purpose hardware such as a PC, do not use that PC for general web browsing or email.
Install anti-virus software and keep it updated. Check for new virus signatures at least weekly.
Use an up-to-date, vendor-supported operating system. Check for new patches weekly.
Use strong passwords of at least eight characters that are hard to guess.
Change any default passwords on purchased network and point-of-sale devices.
Do not share accounts and passwords – one user per account.
Use a firewall between the store network and the internet. Disable any remote maintenance access to POS devices.
Password protect any wireless routers and use encryption features.
Do not store any sensitive cardholder data on computers or on paper.
Make sure all employees are aware of the importance of protecting any sensitive data associated with customers and the business.

February 2014
Messenger Home

Help your merchants protect their business from hackers

Introducing the Mercury
Developer Network and Developer Portal

Mercury announces partnership with Infinite Peripherals™

Convenience and scalability

Help your merchants protect their business from hackers

The recent Target security breach has many merchants wondering what they can do to protect their own business. They spend years building their business and the idea that a hacker could breach their point of sale and compromise their business in a matter of hours is alarming, to say the least.

The one comfort about large-scale data breaches is that there are often lessons that can be learned. In the case of Target’s breach, customer data was reportedly compromised by malware installed at the POS. Mercury’s Chief Information Security Officer Jim Maloney notes that merchants commonly overlook the following steps. While there is no guarantee your merchants can avoid all security risks, advising them on the following items can assist in mitigating security risks.

If the POS software is installed on general purpose hardware such as a PC, do not use that PC for general web browsing or email.
Install anti-virus software and keep it updated. Check for new virus signatures at least weekly.
Use an up-to-date, vendor-supported operating system. Check for new patches weekly.
Use strong passwords of at least eight characters that are hard to guess.
Change any default passwords on purchased network and point-of-sale devices.
Do not share accounts and passwords – one user per account.
Use a firewall between the store network and the internet. Disable any remote maintenance access to POS devices.
Password protect any wireless routers and use encryption features.
Do not store any sensitive cardholder data on computers or on paper.
Make sure all employees are aware of the importance of protecting any sensitive data associated with customers and the business.

Mercury offers Merchant SecureAssist™, a low cost, easy-to-use PCI compliance and breach assistance solution. It helps merchants meet PCI requirements, protect their business from certain costs related to data breach, and protects customers’ card data. For more information, feel free to contact me.

Until we meet again, have a data breech free week!