AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

Data Security: Global Payments Breach Prompting Other Processors To Take Action?

The big story from last week was the revelation that Global Payments, a "minor" credit card processor, had suffered a data breach at the hands of hackers. It was one of those data breaches where data encryption software like AlertBoot would not have made an impact. So, I thought I'd wait a bit before commenting on it. After all, there were lots of different stories going around, and I figured I'd refrain from adding to the rumor mill.

Well, it looks like I'll be commenting on it sooner than I expected.

Someone in our accounting department forwarded me the below email from First Data Independent Sales, our credit card processor.  Based on the timing of the Global Payments debacle, I've got to wonder whether it was the trigger for the following "free PCI compliance evaluations" offer from First Data.

Realistically, you can't possibly come up with such an offer over the weekend -- especially considering the number of merchants using First Data -- so my gut reaction is that the below offer has been in the making for a while. But one's got to wonder whether making the offer (sending the offer? emailing the offer?) at this time is purely coincidental or is meant to take advantage of the publicity surrounding the need for better security when it comes to credit card processing.

The colleague that forwarded me the email made the observation that "normally getting PCI compliance is expensive, but the problem is getting so grave the credit card processor is paying for it for the merchants." Actual contents of the email follow:


Thank you for choosing First Data Independent Sales for your payment processing needs.  We value you as a client, and First Data Independent Sales wants to be sure you have information on becoming PCI Compliant as required by Visa, MasterCard and other payment card networks.  We have provided the following important information on becoming PCI compliant in a Q&A format.

Q. Why am I getting this email?

A. We are the processor for your Visa, MasterCard and other payment card transactions.  We are sending you this email to alert you to urgent actions you are required to take to help combat cardholder fraud and identity theft.  THESE ACTIONS ARE REQUIRED BY VISA, MASTERCARD AND THE OTHER PAYMENT CARD NETWORKS.

Q.  What is PCI compliance and why is it required?

A.  In 2005, the payment card networks established a common set of industry requirements designed to help with the safe handling of sensitive cardholder account information.  These requirements are known as the Payment Card Industry (PCI) Data Security Standard (DSS).  These PCI security requirements have been phased in over time and apply to all merchants that accept Visa, MasterCard and other payment cards.  More information about this security standard is available online at:

http://www.pcisecuritystandards.org/

You can find specifics about the Visa and MasterCard security programs at the following sites:

www.visa.com/cisp

www.mastercard.com/sdp

Q.  What do I need to do?

A.  To help you achieve PCI compliance, First Data Independent Sales has arranged for SecurityMetrics, a certified security assessor for Visa, MasterCard, American Express and Discover Card, to provide you with their "Site Certification" service.  There is NO additional cost to you for this service.  The fee for the SecurityMetrics Site Certification PCI service is included in your Annual Compliance Service Fee. 

Please contact SecurityMetrics at 800.557.4684 to begin the process. 

You may enroll online at: http://www.securitymetrics.com/ by clicking on "Enroll Now."

Q.  When do I need to do this?

A.  You are requested to complete certification by May  3, 2012, so please ACT NOW.

Q.  What if I fail to become PCI Compliant?

A.  The Card Associations are very serious about data security.  Security breaches have affected merchants of all sizes. If you are compromised, Association fines can potentially exceed $500,000 per Association.  These fines are in addition to other liabilities you may face in connection with the security breach.  

Q.  Am I required to use SecurityMetrics?

A.  No. You may use another certified vendor, and if a quarterly scan is not required, you have the option to complete and submit the self-validation questionnaire yourself. Please visit yourmerchantinfo.com and review the requirements for a Level 4 merchant.

Q.  How can I be sure this email is legitimate?

A.  To assist you in validating this e-mail, First Data Independent Sales has included up-to-date information about PCI DSS Compliance on the following website:

http://www.merchantinsider.com/merchantresources/datasecurity

You also will have the ability to enroll directly with SecurityMetrics Level 4 program by clicking "Enroll Now" found under the PCI Compliance for Level 4 merchants.

Your participation is essential in protecting you against any unwanted security breaches. We greatly appreciate your time and assistance with this critical effort.  Thank you. 

Sincerely,

First Data Independent Sales

 
About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.